EIP-2026-112740

PRE-CVE

TomatoCart - Backup

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112740. PoCs published by indoushka.

AI-analyzed exploit summary The exploit describes an information leakage vulnerability in TomatoCart's backup functionality, where sensitive credentials (username and password) can be exposed in line 42 of the backup file. No functional exploit code is provided, but the technical detail about the location of the credentials is specific.

Description

TomatoCart - Backup

Exploits (1)

exploitdb WRITEUP
by indoushka · textwebappsphp
https://www.exploit-db.com/exploits/10683

The exploit describes an information leakage vulnerability in TomatoCart's backup functionality, where sensitive credentials (username and password) can be exposed in line 42 of the backup file. No functional exploit code is provided, but the technical detail about the location of the credentials is specific.

Classification
Writeup 80%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: TomatoCart (Copyright (c) 2009 Wuxi Elootec Technology Co., Ltd; Copyright (c) 2005 osCommerce)
No auth needed
Prerequisites: Access to the backup file via the admin/backups/ directory
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026