EIP-2026-102274

PRE-CVE

Photo Server 2.0 iOS - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102274. PoCs published by Vulnerability-Lab.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in Photo Server 2.0 iOS app, including command injection via device name, file include via manipulated filenames, and arbitrary file upload bypassing validation. Proof-of-concept examples are provided for each vulnerability.

Description

Photo Server 2.0 iOS - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC

by Vulnerability-Lab · textwebappsios

https://www.exploit-db.com/exploits/27042

View Code ZIP pw:eip

The exploit demonstrates multiple vulnerabilities in Photo Server 2.0 iOS app, including command injection via device name, file include via manipulated filenames, and arbitrary file upload bypassing validation. Proof-of-concept examples are provided for each vulnerability.

Classification

Working Poc 90%

Attack Type

Rce | Auth Bypass | Other

Complexity

Moderate

Reliability

Reliable

Target: Photo Server 2.0 (iOS)

No auth needed

Prerequisites: Local access to the iOS device for command injection · Network access to the Photo Server app for file include and upload vulnerabilities

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1105 - Ingress Tool Transfer T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026