EIP-2026-107295

PRE-CVE

FTP2FTP 1.0 - Arbitrary File Download

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107295. PoCs published by AkkuS.

AI-analyzed exploit summary The exploit demonstrates an arbitrary file download vulnerability in FTP2FTP 1.0 via the 'id' parameter in 'download2.php', allowing attackers to read sensitive files using directory traversal. The PoC includes a functional example URL to exploit the flaw.

Description

FTP2FTP 1.0 - Arbitrary File Download

Exploits (1)

exploitdb WORKING POC

by AkkuS · textwebappsphp

https://www.exploit-db.com/exploits/45054

View Code ZIP pw:eip

The exploit demonstrates an arbitrary file download vulnerability in FTP2FTP 1.0 via the 'id' parameter in 'download2.php', allowing attackers to read sensitive files using directory traversal. The PoC includes a functional example URL to exploit the flaw.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: FTP2FTP 1.0

No auth needed

Prerequisites: Access to the vulnerable 'download2.php' endpoint

MITRE ATT&CK

T1005 - Data from Local System T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026