EIP-2026-107233

PRE-CVE

FreePBX 13.0.35 - Remote Command Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107233. PoCs published by 0x4148.

AI-analyzed exploit summary The exploit demonstrates an authenticated remote code execution vulnerability in FreePBX 13.0.35. The flaw arises from unsanitized user input in the 'remotemod' parameter, which is passed to the 'exec' function in 'functions.inc.php', allowing command injection.

Description

FreePBX 13.0.35 - Remote Command Execution

Exploits (1)

exploitdb WORKING POC

by 0x4148 · textwebappsphp

https://www.exploit-db.com/exploits/40296

View Code ZIP pw:eip

The exploit demonstrates an authenticated remote code execution vulnerability in FreePBX 13.0.35. The flaw arises from unsanitized user input in the 'remotemod' parameter, which is passed to the 'exec' function in 'functions.inc.php', allowing command injection.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: FreePBX 13.0.35

Auth required

Prerequisites: Authenticated access to the FreePBX admin panel

MITRE ATT&CK

T1202 - Indirect Command Execution T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026