EIP-2026-119328

PRE-CVE

yawcam 0.2.5 - Directory Traversal

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-119328. PoCs published by Donato Ferrante.

AI-analyzed exploit summary The exploit demonstrates a directory traversal vulnerability in Yawcam by sending HTTP GET requests with traversal sequences to access files outside the web root, such as 'system.ini'. The vulnerability allows unauthorized file access due to improper path sanitization.

Description

yawcam 0.2.5 - Directory Traversal

Exploits (1)

exploitdb WORKING POC VERIFIED

by Donato Ferrante · textremotewindows

https://www.exploit-db.com/exploits/25487

View Code ZIP pw:eip

The exploit demonstrates a directory traversal vulnerability in Yawcam by sending HTTP GET requests with traversal sequences to access files outside the web root, such as 'system.ini'. The vulnerability allows unauthorized file access due to improper path sanitization.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Yawcam (version not specified)

No auth needed

Prerequisites: Network access to the Yawcam web server

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026