EIP-2026-104656

PRE-CVE

PHP 5.2.8 - 'popen()' Function Buffer Overflow

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104656. PoCs published by e.wiZz!.

AI-analyzed exploit summary This exploit attempts to trigger a buffer overflow in PHP by passing an excessively long string as the mode argument to the popen() function. The vulnerability is due to insufficient boundary checks in PHP versions 5.2.8 and prior.

Description

PHP 5.2.8 - 'popen()' Function Buffer Overflow

Exploits (1)

exploitdb WORKING POC VERIFIED

by e.wiZz! · phpdosphp

https://www.exploit-db.com/exploits/32715

View Code ZIP pw:eip

This exploit attempts to trigger a buffer overflow in PHP by passing an excessively long string as the mode argument to the popen() function. The vulnerability is due to insufficient boundary checks in PHP versions 5.2.8 and prior.

Classification

Working Poc 80%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: PHP 5.2.8 and prior

No auth needed

Prerequisites: PHP 5.2.8 or prior installed on the target system

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026