EIP-2026-118335

PRE-CVE

Buffy 1.3 - Directory Traversal

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118335. PoCs published by Yakir Wizman.

AI-analyzed exploit summary This PHP script exploits a path traversal vulnerability in Buffy FTP Server v1.3, allowing unauthorized file read, delete, and directory removal via crafted RETR, DELE, and RMD commands. It interacts with the FTP server using socket operations and supports passive mode for file retrieval.

Description

Buffy 1.3 - Directory Traversal

Exploits (1)

exploitdb WORKING POC VERIFIED

by Yakir Wizman · phpremotewindows

https://www.exploit-db.com/exploits/15368

View Code ZIP pw:eip

This PHP script exploits a path traversal vulnerability in Buffy FTP Server v1.3, allowing unauthorized file read, delete, and directory removal via crafted RETR, DELE, and RMD commands. It interacts with the FTP server using socket operations and supports passive mode for file retrieval.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Buffy FTP Server v1.3

Auth required

Prerequisites: Network access to the FTP server · Valid FTP credentials

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026