EIP-2026-107314

PRE-CVE

Fusion SBX 1.2 - Remote Command Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107314. PoCs published by Silentium.

AI-analyzed exploit summary This exploit targets a vulnerability in Fusion SBX <= 1.2 by injecting arbitrary code via HTTP POST requests to the admin settings page. It leverages PHP functions (system, exec, or passthru) to achieve remote command execution with HTTPD privileges.

Description

Fusion SBX 1.2 - Remote Command Execution

Exploits (1)

exploitdb WORKING POC VERIFIED

by Silentium · cwebappsphp

https://www.exploit-db.com/exploits/1003

View Code ZIP pw:eip

This exploit targets a vulnerability in Fusion SBX <= 1.2 by injecting arbitrary code via HTTP POST requests to the admin settings page. It leverages PHP functions (system, exec, or passthru) to achieve remote command execution with HTTPD privileges.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Fusion SBX <= 1.2

No auth needed

Prerequisites: Network access to the target web server · Fusion SBX <= 1.2 installed and accessible

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026