EIP-2026-104876

PRE-CVE

A2billing 2.x - Backup File Download / Remote Code Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104876. PoCs published by 0x4148.

AI-analyzed exploit summary This exploit chains an unauthenticated backup dump vulnerability with an SQL injection to achieve remote code execution (RCE) in A2billing 2.x. The attacker injects malicious PHP code into the database via SQLi, then triggers a backup to a .php file, allowing arbitrary command execution.

Description

A2billing 2.x - Backup File Download / Remote Code Execution

Exploits (1)

exploitdb WORKING POC

by 0x4148 · textwebappsphp

https://www.exploit-db.com/exploits/42616

View Code ZIP pw:eip

This exploit chains an unauthenticated backup dump vulnerability with an SQL injection to achieve remote code execution (RCE) in A2billing 2.x. The attacker injects malicious PHP code into the database via SQLi, then triggers a backup to a .php file, allowing arbitrary command execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: A2billing 2.x

No auth needed

Prerequisites: Network access to the target · A2billing 2.x instance with exposed admin interface

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026