EIP-2026-107126
PRE-CVEFlatFile Login System - Remote Password Disclosure
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-107126. PoCs published by ViRuSMaN.
AI-analyzed exploit summary This is a writeup describing an information disclosure vulnerability in FlatFile system where user credentials are stored in plaintext in 'userlist.txt'. The exploit simply instructs accessing this file directly via URL.
Description
FlatFile Login System - Remote Password Disclosure
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by ViRuSMaN · textwebappsphp
https://www.exploit-db.com/exploits/11515
This is a writeup describing an information disclosure vulnerability in FlatFile system where user credentials are stored in plaintext in 'userlist.txt'. The exploit simply instructs accessing this file directly via URL.
Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:
FlatFile (version unspecified)
No auth needed
Prerequisites:
Target must have FlatFile system installed with default configuration
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026