EIP-2026-119414

PRE-CVE

Pelco VideoXpert 1.12.105 - Directory Traversal

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-119414. PoCs published by LiquidWorm.

AI-analyzed exploit summary The exploit demonstrates a directory traversal vulnerability in Schneider Electric Pelco VideoXpert Core Admin Portal, allowing unauthenticated attackers to read arbitrary files on the server. The PoC includes HTTP requests that successfully retrieve sensitive files like `win.ini` and `key.pem`.

Description

Pelco VideoXpert 1.12.105 - Directory Traversal

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textwebappswindows

https://www.exploit-db.com/exploits/42311

View Code ZIP pw:eip

The exploit demonstrates a directory traversal vulnerability in Schneider Electric Pelco VideoXpert Core Admin Portal, allowing unauthenticated attackers to read arbitrary files on the server. The PoC includes HTTP requests that successfully retrieve sensitive files like `win.ini` and `key.pem`.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Schneider Electric Pelco VideoXpert Core Admin Portal (versions 2.0.41, 1.14.7, 1.12.105)

No auth needed

Prerequisites: Network access to the target server

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026