EIP-2026-112598
PRE-CVETequila File Hosting 1.5 - Multiple Vulnerabilities
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-112598. PoCs published by Ashiyane Digital Security Team.
AI-analyzed exploit summary The exploit demonstrates an arbitrary file download vulnerability in Tequila File Hosting 1.5 due to insufficient path validation, allowing attackers to read sensitive files via directory traversal. It also includes an unrestricted file upload PoC and XSS examples.
Description
Tequila File Hosting 1.5 - Multiple Vulnerabilities
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Ashiyane Digital Security Team · textwebappsphp
https://www.exploit-db.com/exploits/38984
The exploit demonstrates an arbitrary file download vulnerability in Tequila File Hosting 1.5 due to insufficient path validation, allowing attackers to read sensitive files via directory traversal. It also includes an unrestricted file upload PoC and XSS examples.
Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:
Tequila File Hosting Script 1.5
No auth needed
Prerequisites:
Access to the download.php endpoint · Basic knowledge of directory traversal
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026