EIP-2026-111405

PRE-CVE

PopojiCMS Version 2.0.1 - Remote Command Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111405. PoCs published by tmrswrr.

AI-analyzed exploit summary This exploit demonstrates a Remote Command Execution (RCE) vulnerability in PopojiCMS 2.0.1 by injecting PHP code into the Meta Social configuration field, which is then executed when the main page is accessed.

Description

PopojiCMS Version 2.0.1 - Remote Command Execution

Exploits (1)

exploitdb WORKING POC

by tmrswrr · textwebappsphp

https://www.exploit-db.com/exploits/51982

View Code ZIP pw:eip

This exploit demonstrates a Remote Command Execution (RCE) vulnerability in PopojiCMS 2.0.1 by injecting PHP code into the Meta Social configuration field, which is then executed when the main page is accessed.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: PopojiCMS v2.0.1

Auth required

Prerequisites: Admin credentials for the target PopojiCMS instance

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026