EIP-2026-107555

PRE-CVE

Harland Scripts 11 - Products Remote Command Execution

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107555. PoCs published by G4N0K.

AI-analyzed exploit summary This PHP exploit targets multiple Harland Scripts products by injecting malicious PHP code into template files via an unauthenticated template save vulnerability, enabling remote command execution. It leverages a POST request to inject a payload that includes a passthru function for command execution.

Description

Harland Scripts 11 - Products Remote Command Execution

Exploits (1)

exploitdb WORKING POC VERIFIED
by G4N0K · phpwebappsphp
https://www.exploit-db.com/exploits/8699

This PHP exploit targets multiple Harland Scripts products by injecting malicious PHP code into template files via an unauthenticated template save vulnerability, enabling remote command execution. It leverages a POST request to inject a payload that includes a passthru function for command execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Harland Scripts (11 products including FFA, Traffic Click 4 Cash, etc.)
No auth needed
Prerequisites: Network access to the target web application · Vulnerable Harland Scripts installation
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026