EIP-2026-108067

PRE-CVE

jbFileManager - Directory Traversal

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-108067. PoCs published by HaHwul.

AI-analyzed exploit summary This exploit demonstrates a path traversal vulnerability in jbFileManager, allowing unauthorized directory listing, file deletion, and file upload outside the intended directory. The PoC includes HTTP requests for viewing, deleting, and uploading files using directory traversal sequences.

Description

jbFileManager - Directory Traversal

Exploits (1)

exploitdb WORKING POC

by HaHwul · textwebappsphp

https://www.exploit-db.com/exploits/39956

View Code ZIP pw:eip

This exploit demonstrates a path traversal vulnerability in jbFileManager, allowing unauthorized directory listing, file deletion, and file upload outside the intended directory. The PoC includes HTTP requests for viewing, deleting, and uploading files using directory traversal sequences.

Classification

Working Poc 95%

Attack Type

Info Leak | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: jbFileManager (latest commit as of 2016-06-15)

No auth needed

Prerequisites: Network access to the target application

MITRE ATT&CK

T1006 - Direct Volume Access T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026