EIP-2026-111919

PRE-CVE

School ERP Pro+Responsive 1.0 - Arbitrary File Download

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111919. PoCs published by Ihsan Sencan.

AI-analyzed exploit summary This exploit demonstrates an arbitrary file download vulnerability in School ERP Pro+Responsive 1.0. The vulnerability arises from improper input validation in the 'document' parameter, allowing attackers to download sensitive files like '/etc/passwd' via directory traversal.

Description

School ERP Pro+Responsive 1.0 - Arbitrary File Download

Exploits (1)

exploitdb WORKING POC

by Ihsan Sencan · textwebappsphp

https://www.exploit-db.com/exploits/45662

View Code ZIP pw:eip

This exploit demonstrates an arbitrary file download vulnerability in School ERP Pro+Responsive 1.0. The vulnerability arises from improper input validation in the 'document' parameter, allowing attackers to download sensitive files like '/etc/passwd' via directory traversal.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: School ERP Pro+Responsive 1.0

No auth needed

Prerequisites: Access to the vulnerable endpoint · Knowledge of the target file path

MITRE ATT&CK

T1083 - File and Directory Discovery T1105 - Ingress Tool Transfer

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026