EIP-2026-109961

PRE-CVE

Nova CMS - Directory Traversal

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-109961. PoCs published by Red Security TEAM.

AI-analyzed exploit summary This is a writeup describing a directory traversal vulnerability in Nova CMS, allowing authenticated users to navigate directories within the uploads folder. It outlines steps to exploit the flaw via the forum's file attachment feature.

Description

Nova CMS - Directory Traversal

Exploits (1)

exploitdb WRITEUP VERIFIED

by Red Security TEAM · textwebappsphp

https://www.exploit-db.com/exploits/18403

View Code ZIP pw:eip

This is a writeup describing a directory traversal vulnerability in Nova CMS, allowing authenticated users to navigate directories within the uploads folder. It outlines steps to exploit the flaw via the forum's file attachment feature.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Nova CMS (version unspecified, likely pre-2012)

Auth required

Prerequisites: Registered user account · Access to forum's 'NEW TOPIC' feature

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026