EIP-2026-102486

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102486. PoCs published by Beach.

AI-analyzed exploit summary This exploit demonstrates an arbitrary file download vulnerability in JCMS 2010 due to lack of input validation in the downfile.jsp module. Attackers can download any file by manipulating the filename and pathfile parameters.

Description

JCMS 2010 - File Download

Exploits (1)

exploitdb WORKING POC

by Beach · textwebappsjsp

https://www.exploit-db.com/exploits/15596

View Code ZIP pw:eip

This exploit demonstrates an arbitrary file download vulnerability in JCMS 2010 due to lack of input validation in the downfile.jsp module. Attackers can download any file by manipulating the filename and pathfile parameters.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: JCMS 2010

No auth needed

Prerequisites: Access to the target server's downfile.jsp endpoint

MITRE ATT&CK

T1083 - File and Directory Discovery T1105 - Ingress Tool Transfer

devstral-2 · analyzed Feb 16, 2026 Full analysis →

JCMS 2010 - File Download

Exploitation Summary

Description

Exploits (1)

Details