EIP-2026-102946

PRE-CVE

PHP - 'Safe_mode' Bypass via 'proc_open()' and custom Environment

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102946. PoCs published by gat3way.

AI-analyzed exploit summary This exploit bypasses PHP safe_mode by leveraging proc_open() to inject a malicious shared library via LD_PRELOAD, achieving remote command execution. The PoC requires uploading a compiled shared library and a PHP script to a writable directory.

Description

PHP - 'Safe_mode' Bypass via 'proc_open()' and custom Environment

Exploits (1)

exploitdb WORKING POC VERIFIED

by gat3way · textlocallinux

https://www.exploit-db.com/exploits/7393

View Code ZIP pw:eip

This exploit bypasses PHP safe_mode by leveraging proc_open() to inject a malicious shared library via LD_PRELOAD, achieving remote command execution. The PoC requires uploading a compiled shared library and a PHP script to a writable directory.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: PHP (with safe_mode enabled)

No auth needed

Prerequisites: writable directory under document root · proc_open not in disabled_functions · ability to compile shared library on target platform

MITRE ATT&CK

T1559 - Inter-Process Communication T1574 - Hijack Execution Flow

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026