EIP-2026-106585

PRE-CVE

Drupal < 4.7.6 - Post Comments Remote Command Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106585. PoCs published by str0ke.

AI-analyzed exploit summary: This exploit targets a remote command execution vulnerability in Drupal versions before 4.7.6 by injecting PHP code via the comment preview functionality. It leverages the 'post comments' permission and access to multiple input filters to execute arbitrary commands.

Description

Drupal < 4.7.6 - Post Comments Remote Command Execution

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by str0ke · perl · webapps · php
https://www.exploit-db.com/exploits/3313

Classification
Working PoC: 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Drupal < 4.7.6
Auth required
Prerequisites: User with 'post comments' permission · Access to more than one input filter
devstral-2 · analyzed Feb 16, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026