EIP-2026-110688

PRE-CVE

PHP Easy Downloader 1.5 - 'file' File Disclosure

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110688. PoCs published by LMaster.

AI-analyzed exploit summary The exploit demonstrates a directory traversal vulnerability in PHP Easy Downloader <= 1.5, allowing remote attackers to download arbitrary files by manipulating the 'file' parameter. The provided URL example shows how to retrieve the 'index.php' file, confirming the vulnerability.

Description

PHP Easy Downloader 1.5 - 'file' File Disclosure

Exploits (1)

exploitdb WORKING POC VERIFIED

by LMaster · textwebappsphp

https://www.exploit-db.com/exploits/6770

View Code ZIP pw:eip

The exploit demonstrates a directory traversal vulnerability in PHP Easy Downloader <= 1.5, allowing remote attackers to download arbitrary files by manipulating the 'file' parameter. The provided URL example shows how to retrieve the 'index.php' file, confirming the vulnerability.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: PHP Easy Downloader <= 1.5

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK

T1005 - Data from Local System

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026