EIP-2026-102282

PRE-CVE

PhotoSync Wifi & Bluetooth 1.0 - Local File Inclusion

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102282. PoCs published by Vulnerability-Lab.

AI-analyzed exploit summary This advisory details a local file include vulnerability in PhotoSync Wifi & Bluetooth v1.0, where the `filename` parameter in the `upload` module can be manipulated to include local files. The vulnerability is exploited via POST requests to the local web interface, allowing unauthorized file inclusion in the image directory listing.

Description

PhotoSync Wifi & Bluetooth 1.0 - Local File Inclusion

Exploits (1)

exploitdb WRITEUP

by Vulnerability-Lab · textwebappsios

https://www.exploit-db.com/exploits/34303

View Code ZIP pw:eip

This advisory details a local file include vulnerability in PhotoSync Wifi & Bluetooth v1.0, where the `filename` parameter in the `upload` module can be manipulated to include local files. The vulnerability is exploited via POST requests to the local web interface, allowing unauthorized file inclusion in the image directory listing.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: PhotoSync Wifi & Bluetooth iOS Mobile Web Application v1.0

No auth needed

Prerequisites: Access to the local network where the PhotoSync service is running · Ability to send POST requests to the local web interface

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026