EIP-2026-107418

PRE-CVE

Gkplugins Picasaweb - Download File

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107418. PoCs published by TMT zno.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in the Gkplugins Picasaweb plugin, allowing unauthorized file download via manipulated GET parameters. The PoC shows how an attacker can access arbitrary files by traversing directories.

Description

Gkplugins Picasaweb - Download File

Exploits (1)

exploitdb WORKING POC
by TMT zno · textwebappsphp
https://www.exploit-db.com/exploits/37769

This exploit demonstrates a directory traversal vulnerability in the Gkplugins Picasaweb plugin, allowing unauthorized file download via manipulated GET parameters. The PoC shows how an attacker can access arbitrary files by traversing directories.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Gkplugins Picasaweb (version unspecified)
No auth needed
Prerequisites: Access to the vulnerable plugin endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026