EIP-2026-112581

PRE-CVE

TeamPass Passwords Management System 2.1.26 - Arbitrary File Download

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112581. PoCs published by Hasan Emre Ozer.

AI-analyzed exploit summary The advisory details an arbitrary file download vulnerability in TeamPass Passwords Management System <= 2.1.26, where the 'downloadFile.php' script allows unauthenticated attackers to download sensitive files via directory traversal in the 'sub' and 'file' GET parameters. The technical analysis includes a proof-of-concept URL and code snippet demonstrating the vulnerability.

Description

TeamPass Passwords Management System 2.1.26 - Arbitrary File Download

Exploits (1)

exploitdb WRITEUP

by Hasan Emre Ozer · textwebappsphp

https://www.exploit-db.com/exploits/40140

View Code ZIP pw:eip

The advisory details an arbitrary file download vulnerability in TeamPass Passwords Management System <= 2.1.26, where the 'downloadFile.php' script allows unauthenticated attackers to download sensitive files via directory traversal in the 'sub' and 'file' GET parameters. The technical analysis includes a proof-of-concept URL and code snippet demonstrating the vulnerability.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: TeamPass Passwords Management System <= 2.1.26

No auth needed

Prerequisites: Network access to the target application

MITRE ATT&CK

T1530 - Data from Cloud Storage

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026