EIP-2026-107615

PRE-CVE

Horde Help Viewer 3.1 - Remote Command Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107615. PoCs published by deese.

AI-analyzed exploit summary This Perl script exploits a command injection vulnerability in the Horde help module by injecting arbitrary commands via the 'module' parameter. It uses LWP to send crafted HTTP requests and retrieves command output from the response.

Description

Horde Help Viewer 3.1 - Remote Command Execution

Exploits (1)

exploitdb WORKING POC VERIFIED

by deese · perlwebappsphp

https://www.exploit-db.com/exploits/1650

View Code ZIP pw:eip

This Perl script exploits a command injection vulnerability in the Horde help module by injecting arbitrary commands via the 'module' parameter. It uses LWP to send crafted HTTP requests and retrieves command output from the response.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Horde help module (version unspecified)

No auth needed

Prerequisites: Network access to the target Horde instance · Perl with LWP::UserAgent installed

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026