EIP-2026-100896

PRE-CVE

SiteInteractive Subscribe Me - 'Setup.pl' Arbitrary Command Execution

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100896. PoCs published by Paul Craig.

AI-analyzed exploit summary This exploit leverages insufficient sanitization in the SiteInteractive Subscribe Me setup.pl script to create a file with arbitrary Perl code execution. The attacker passes maliciously crafted URI parameters to execute shell commands via the 'notification' parameter.

Description

SiteInteractive Subscribe Me - 'Setup.pl' Arbitrary Command Execution

Exploits (1)

exploitdb WORKING POC VERIFIED
by Paul Craig · textwebappscgi
https://www.exploit-db.com/exploits/23447

This exploit leverages insufficient sanitization in the SiteInteractive Subscribe Me setup.pl script to create a file with arbitrary Perl code execution. The attacker passes maliciously crafted URI parameters to execute shell commands via the 'notification' parameter.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: SiteInteractive Subscribe Me (version not specified)
No auth needed
Prerequisites: Target must have the vulnerable setup.pl script accessible · Perl must be installed on the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026