EIP-2026-106674

PRE-CVE

e107 plugin fm pro 1 - File Disclosure / Arbitrary File Upload / Directory Traversal

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106674. PoCs published by GoLd_M.

AI-analyzed exploit summary This is a writeup detailing multiple vulnerabilities in e107 Plugin fm pro v1, including remote file disclosure, file upload, and directory traversal. It provides endpoints and parameters for exploitation but lacks executable code.

Description

e107 plugin fm pro 1 - File Disclosure / Arbitrary File Upload / Directory Traversal

Exploits (1)

exploitdb WRITEUP VERIFIED

by GoLd_M · textwebappsphp

https://www.exploit-db.com/exploits/6865

View Code ZIP pw:eip

This is a writeup detailing multiple vulnerabilities in e107 Plugin fm pro v1, including remote file disclosure, file upload, and directory traversal. It provides endpoints and parameters for exploitation but lacks executable code.

Classification

Writeup 90%

Attack Type

Info Leak | Auth Bypass | Other

Complexity

Trivial

Reliability

Theoretical

Target: e107 Plugin fm pro v1

No auth needed

Prerequisites: access to the target web application

MITRE ATT&CK

T1005 - Data from Local System T1105 - Ingress Tool Transfer T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026