EIP-2026-104721

PRE-CVE

Drupal Module RESTWS 7.x - PHP Remote Code Execution (Metasploit)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104721. PoCs published by Mehmet Ince.

AI-analyzed exploit summary This Metasploit module exploits a vulnerability in the Drupal RESTWS module (7.x) by sending a crafted GET request to execute arbitrary PHP code via the 'passthru' function. The exploit leverages improper input validation in the module's page callbacks to achieve remote code execution.

Description

Drupal Module RESTWS 7.x - PHP Remote Code Execution (Metasploit)

Exploits (1)

exploitdb WORKING POC VERIFIED

by Mehmet Ince · rubyremotephp

https://www.exploit-db.com/exploits/40130

View Code ZIP pw:eip

This Metasploit module exploits a vulnerability in the Drupal RESTWS module (7.x) by sending a crafted GET request to execute arbitrary PHP code via the 'passthru' function. The exploit leverages improper input validation in the module's page callbacks to achieve remote code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Drupal RESTWS Module 7.x

No auth needed

Prerequisites: Drupal 7.x with RESTWS module enabled · Network access to the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026