EIP-2026-107460

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107460. PoCs published by Dawid Golunski.

AI-analyzed exploit summary This is a detailed technical analysis of CVE-2015-130433, a vulnerability in the Google AdWords API PHP client library <= 6.2.0. It describes a path traversal and code execution flaw in the WSDLInterpreter class, which fails to sanitize WSDL input and validate SSL certificates, allowing arbitrary PHP code execution via MitM attacks.

Description

Google AdWords API PHP client library 6.2.0 - Arbitrary PHP Code Execution

Exploits (1)

exploitdb WRITEUP

by Dawid Golunski · textwebappsphp

https://www.exploit-db.com/exploits/38649

View Code ZIP pw:eip

This is a detailed technical analysis of CVE-2015-130433, a vulnerability in the Google AdWords API PHP client library <= 6.2.0. It describes a path traversal and code execution flaw in the WSDLInterpreter class, which fails to sanitize WSDL input and validate SSL certificates, allowing arbitrary PHP code execution via MitM attacks.

Classification

Writeup 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: Google AdWords API PHP client library <= 6.2.0

No auth needed

Prerequisites: MitM attack capability (e.g., DNS poisoning, ARP spoofing) · Victim application using the vulnerable library · Writable directory on the target system

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Google AdWords API PHP client library 6.2.0 - Arbitrary PHP Code Execution

Exploitation Summary

Description

Exploits (1)

Details