EIP-2026-118527
PRE-CVEEZ Publish 2.2.7/3.0 - site.ini Information Disclosure
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-118527. PoCs published by gregory Le Bras.
AI-analyzed exploit summary This is a writeup describing an information disclosure vulnerability in eZ Publish where the site.ini file can be accessed directly via HTTP, exposing plaintext administration credentials.
Description
EZ Publish 2.2.7/3.0 - site.ini Information Disclosure
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by gregory Le Bras · textremotewindows
https://www.exploit-db.com/exploits/22488
This is a writeup describing an information disclosure vulnerability in eZ Publish where the site.ini file can be accessed directly via HTTP, exposing plaintext administration credentials.
Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:
eZ Publish (version not specified)
No auth needed
Prerequisites:
Network access to the target server
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026