Exploitation Summary
EIP tracks 1 public exploit for EIP-2026-107418. PoCs published by TMT zno.
AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in the Gkplugins Picasaweb plugin, allowing unauthorized file download via manipulated GET parameters. The PoC shows how an attacker can access arbitrary files by traversing directories.
Description
Gkplugins Picasaweb - Download File
Exploits (1)
exploitdb
WORKING POC
by TMT zno · textwebappsphp
https://www.exploit-db.com/exploits/37769
This exploit demonstrates a directory traversal vulnerability in the Gkplugins Picasaweb plugin, allowing unauthorized file download via manipulated GET parameters. The PoC shows how an attacker can access arbitrary files by traversing directories.
Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:
Gkplugins Picasaweb (version unspecified)
No auth needed
Prerequisites:
Access to the vulnerable plugin endpoint
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026