EIP-2026-103863

PRE-CVE

AssistMyTeam Team Helpdesk - Multiple Information Disclosure Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103863. PoCs published by bhamb.

AI-analyzed exploit summary This Python script exploits an information disclosure vulnerability in AssistMyTeam Team Helpdesk 8.3.5 by fetching the 'cwacallers.xml' file, which contains user credentials. The script uses 'wget' to download the file and then parses it to extract usernames and encrypted passwords.

Description

AssistMyTeam Team Helpdesk - Multiple Information Disclosure Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by bhamb · pythonremotemultiple

https://www.exploit-db.com/exploits/39175

View Code ZIP pw:eip

This Python script exploits an information disclosure vulnerability in AssistMyTeam Team Helpdesk 8.3.5 by fetching the 'cwacallers.xml' file, which contains user credentials. The script uses 'wget' to download the file and then parses it to extract usernames and encrypted passwords.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: AssistMyTeam Team Helpdesk 8.3.5

No auth needed

Prerequisites: Network access to the target host · The 'cwacallers.xml' file must be accessible without authentication

MITRE ATT&CK

T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026