EIP-2026-110899

PRE-CVE

PHP-ping - 'Count' Command Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110899. PoCs published by ppp-design.

AI-analyzed exploit summary The exploit demonstrates a command injection vulnerability in php-ping.php via the 'count' parameter, allowing remote command execution with web server privileges. The provided URLs show how shell metacharacters can be injected to execute arbitrary commands.

Description

PHP-ping - 'Count' Command Execution

Exploits (1)

exploitdb WORKING POC VERIFIED

by ppp-design · textwebappsphp

https://www.exploit-db.com/exploits/23487

View Code ZIP pw:eip

The exploit demonstrates a command injection vulnerability in php-ping.php via the 'count' parameter, allowing remote command execution with web server privileges. The provided URLs show how shell metacharacters can be injected to execute arbitrary commands.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: php-ping (version not specified)

No auth needed

Prerequisites: Vulnerable php-ping.php script accessible on a web server

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026