EIP-2026-104720

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104720. PoCs published by Raz0r.

AI-analyzed exploit summary This exploit leverages a deserialization vulnerability in the Drupal Coder module (SA-CONTRIB-2016-039) to achieve remote code execution. It crafts a malicious serialized payload that injects a command into the 'old_dir' parameter, which is then executed via a data URI request to the vulnerable endpoint.

Description

Drupal Module Coder < 7.x-1.3/7.x-2.6 - Remote Code Execution

Exploits (1)

exploitdb WORKING POC

by Raz0r · phpremotephp

https://www.exploit-db.com/exploits/40144

View Code ZIP pw:eip

This exploit leverages a deserialization vulnerability in the Drupal Coder module (SA-CONTRIB-2016-039) to achieve remote code execution. It crafts a malicious serialized payload that injects a command into the 'old_dir' parameter, which is then executed via a data URI request to the vulnerable endpoint.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Drupal Coder module (versions prior to the fix for SA-CONTRIB-2016-039)

No auth needed

Prerequisites: Target must have the vulnerable Coder module installed and accessible · PHP's allow_url_fopen must be enabled · Attacker must be able to send HTTP requests to the target

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Drupal Module Coder < 7.x-1.3/7.x-2.6 - Remote Code Execution

Exploitation Summary

Description

Exploits (1)

Details