EIP-2026-100915

PRE-CVE

Trouble Ticket Express 3.01 - Remote Code Execution / Directory Traversal

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100915. PoCs published by zombiefx.

AI-analyzed exploit summary This Perl script exploits a command injection vulnerability in Trouble Ticket Express by appending arbitrary commands to the 'fn' parameter in the 'file' command. It demonstrates remote code execution by sending user input as system commands via the vulnerable CGI endpoint.

Description

Trouble Ticket Express 3.01 - Remote Code Execution / Directory Traversal

Exploits (1)

exploitdb WORKING POC VERIFIED

by zombiefx · perlwebappscgi

https://www.exploit-db.com/exploits/11723

View Code ZIP pw:eip

This Perl script exploits a command injection vulnerability in Trouble Ticket Express by appending arbitrary commands to the 'fn' parameter in the 'file' command. It demonstrates remote code execution by sending user input as system commands via the vulnerable CGI endpoint.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Trouble Ticket Express v3.01, v3.0, v2.24, v2.21

No auth needed

Prerequisites: Attachment input availability in the target application · Network access to the vulnerable CGI endpoint

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026