EIP-2026-104644

PRE-CVE

PHP 4.3.x/5.0 - 'openlog()' Buffer Overflow

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104644. PoCs published by [email protected].

AI-analyzed exploit summary This exploit demonstrates a buffer overflow in the PHP openlog() function by passing an excessively long string (1500 'X' characters) as the first argument. The vulnerability can lead to denial of service or arbitrary code execution in the PHP interpreter.

Description

PHP 4.3.x/5.0 - 'openlog()' Buffer Overflow

Exploits (1)

exploitdb WORKING POC VERIFIED

by [email protected] · phpdosphp

https://www.exploit-db.com/exploits/22435

View Code ZIP pw:eip

This exploit demonstrates a buffer overflow in the PHP openlog() function by passing an excessively long string (1500 'X' characters) as the first argument. The vulnerability can lead to denial of service or arbitrary code execution in the PHP interpreter.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: PHP 4.3.1 and later

No auth needed

Prerequisites: PHP installation with vulnerable openlog() function

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026