EIP-2026-107001

PRE-CVE

EZ Publish 2.2.7/3.0 - Multiple Full Path Disclosure Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107001. PoCs published by gregory Le Bras.

AI-analyzed exploit summary This exploit demonstrates path disclosure vulnerabilities in eZ Publish by making HTTP requests to specific affected pages, resulting in the disclosure of path information to the attacker.

Description

EZ Publish 2.2.7/3.0 - Multiple Full Path Disclosure Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by gregory Le Bras · textwebappsphp

https://www.exploit-db.com/exploits/22492

View Code ZIP pw:eip

This exploit demonstrates path disclosure vulnerabilities in eZ Publish by making HTTP requests to specific affected pages, resulting in the disclosure of path information to the attacker.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: eZ Publish

No auth needed

Prerequisites: Access to the target eZ Publish instance

MITRE ATT&CK

T1119 - Automated Collection

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026