EIP-2026-104967

PRE-CVE

Adult WebMaster PHP - Password Disclosure

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104967. PoCs published by vinicius777.

AI-analyzed exploit summary This exploit discloses administrative credentials by accessing a hardcoded file path (`userpwdadfasdfre.txt`) in the Adult Webmaster PHP application. The vulnerability arises from insecure file handling in `admin/common.php`, where credentials are stored in plaintext and accessible without authentication.

Description

Adult WebMaster PHP - Password Disclosure

Exploits (1)

exploitdb WORKING POC

by vinicius777 · textwebappsphp

https://www.exploit-db.com/exploits/31147

View Code ZIP pw:eip

This exploit discloses administrative credentials by accessing a hardcoded file path (`userpwdadfasdfre.txt`) in the Adult Webmaster PHP application. The vulnerability arises from insecure file handling in `admin/common.php`, where credentials are stored in plaintext and accessible without authentication.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Adult Webmaster PHP (version unspecified)

No auth needed

Prerequisites: Network access to the target web server · Knowledge of the file path (`/home/caspers/public_html/demo/admin/userpwdadfasdfre.txt`)

MITRE ATT&CK

T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026