EIP-2026-107801

PRE-CVE

iManager Plugin 1.2.8 - 'd' Arbitrary File Deletion

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107801. PoCs published by LiquidWorm.

AI-analyzed exploit summary The exploit demonstrates an arbitrary file deletion vulnerability in iManager Plugin v1.2.8 via unsanitized input in the 'd' parameter, allowing directory traversal attacks to delete files with web server permissions.

Description

iManager Plugin 1.2.8 - 'd' Arbitrary File Deletion

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textwebappsphp

https://www.exploit-db.com/exploits/17852

View Code ZIP pw:eip

The exploit demonstrates an arbitrary file deletion vulnerability in iManager Plugin v1.2.8 via unsanitized input in the 'd' parameter, allowing directory traversal attacks to delete files with web server permissions.

Classification

Working Poc 95%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: iManager Plugin v1.2.8 (Build 02012008)

No auth needed

Prerequisites: Access to the vulnerable endpoint · Knowledge of target file paths

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026