EIP-2026-110633

PRE-CVE

PHP 7.4 FFI - 'disable_functions' Bypass

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110633. PoCs published by hunter gregal.

AI-analyzed exploit summary This exploit leverages three FFI (Foreign Function Interface) bugs in PHP to achieve arbitrary code execution by manipulating memory and hijacking control flow to call `zif_system`. It demonstrates a complex exploit chain involving memory leaks, pointer manipulation, and function pointer hijacking.

Description

PHP 7.4 FFI - 'disable_functions' Bypass

Exploits (1)

exploitdb WORKING POC

by hunter gregal · phpwebappsphp

https://www.exploit-db.com/exploits/48655

View Code ZIP pw:eip

This exploit leverages three FFI (Foreign Function Interface) bugs in PHP to achieve arbitrary code execution by manipulating memory and hijacking control flow to call `zif_system`. It demonstrates a complex exploit chain involving memory leaks, pointer manipulation, and function pointer hijacking.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: PHP 7.4.7, PHP 7.4.3 (with FFI enabled)

No auth needed

Prerequisites: FFI extension enabled in PHP · PHP version 7.4.x

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026