EIP-2026-112833

PRE-CVE

Typo3 3.5 b5 - 'showpic.php' File Enumeration

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112833. PoCs published by Martin Eiszner.

AI-analyzed exploit summary This Perl script exploits an information disclosure vulnerability in TYPO3's 'showpic.php' and 'thumbs.php' scripts by checking if a file exists on the server via a crafted MD5 hash. It does not execute arbitrary code but confirms file presence.

Description

Typo3 3.5 b5 - 'showpic.php' File Enumeration

Exploits (1)

exploitdb SCANNER VERIFIED

by Martin Eiszner · perlwebappsphp

https://www.exploit-db.com/exploits/22297

View Code ZIP pw:eip

This Perl script exploits an information disclosure vulnerability in TYPO3's 'showpic.php' and 'thumbs.php' scripts by checking if a file exists on the server via a crafted MD5 hash. It does not execute arbitrary code but confirms file presence.

Classification

Scanner 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: TYPO3 (version not specified)

No auth needed

Prerequisites: Target server running TYPO3 with vulnerable 'showpic.php' or 'thumbs.php' scripts

MITRE ATT&CK

T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026