EIP-2026-105805

PRE-CVE

Chamilo 1.8.7 / Dokeos 1.8.6 - Remote File Disclosure

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-105805. PoCs published by beford.

AI-analyzed exploit summary The writeup describes two file disclosure vulnerabilities in Chamilo 1.8.7 and Dokeos 1.8.6, allowing authenticated users to read arbitrary files via path traversal in `open_document.php` and `download.php`. The second flaw involves a flawed filter bypass using `..././` sequences.

Description

Chamilo 1.8.7 / Dokeos 1.8.6 - Remote File Disclosure

Exploits (1)

exploitdb WRITEUP

by beford · textwebappsphp

https://www.exploit-db.com/exploits/16114

View Code ZIP pw:eip

The writeup describes two file disclosure vulnerabilities in Chamilo 1.8.7 and Dokeos 1.8.6, allowing authenticated users to read arbitrary files via path traversal in `open_document.php` and `download.php`. The second flaw involves a flawed filter bypass using `..././` sequences.

Classification

Writeup 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Chamilo 1.8.7, Dokeos 1.8.6

Auth required

Prerequisites: Authenticated user account · Subscription to a course

MITRE ATT&CK

T1005 - Data from Local System T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026