This exploit demonstrates two separate vulnerabilities in PHP: a directory traversal via CURL with the 'file://' scheme and an arbitrary file write via the imagegif function. Both can be used to bypass 'safe_dir' restrictions and achieve remote code execution or information disclosure.
Classification
Working Poc 90%
Attack Type
Rce | Info Leak
Target:
PHP (versions affected by CVE-2026-104694)
No auth needed
Prerequisites:
PHP installation with vulnerable configuration · Ability to upload or control a PHP script on the target system