EIP-2026-102307

PRE-CVE

WebDisk 3.0.2 PhotoViewer iOS - Command Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102307. PoCs published by Vulnerability-Lab.

AI-analyzed exploit summary This is a detailed technical writeup describing a remote command execution vulnerability in WebDisk 3.0.2 for iOS. The vulnerability is located in the 'afgetdir.ma' file when processing manipulated path parameters, allowing code execution via the upload input field without requiring user interaction.

Description

WebDisk 3.0.2 PhotoViewer iOS - Command Execution

Exploits (1)

exploitdb WRITEUP

by Vulnerability-Lab · textwebappsios

https://www.exploit-db.com/exploits/27189

View Code ZIP pw:eip

This is a detailed technical writeup describing a remote command execution vulnerability in WebDisk 3.0.2 for iOS. The vulnerability is located in the 'afgetdir.ma' file when processing manipulated path parameters, allowing code execution via the upload input field without requiring user interaction.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: WebDisk PhotoViewer - Application 3.0.2

No auth needed

Prerequisites: Network access to the vulnerable device · WebDisk application running on iOS device

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026