EIP-2026-111457

PRE-CVE

pPIM 1.01 - 'notes.php' Remote Command Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111457. PoCs published by JosS.

AI-analyzed exploit summary This Perl script exploits a remote command execution vulnerability in pPIM 1.01 by injecting malicious PHP code into Apache log files via the 'notes.php' script. It then triggers the injected code to execute arbitrary commands.

Description

pPIM 1.01 - 'notes.php' Remote Command Execution

Exploits (1)

exploitdb WORKING POC VERIFIED

by JosS · perlwebappsphp

https://www.exploit-db.com/exploits/8093

View Code ZIP pw:eip

This Perl script exploits a remote command execution vulnerability in pPIM 1.01 by injecting malicious PHP code into Apache log files via the 'notes.php' script. It then triggers the injected code to execute arbitrary commands.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: pPIM 1.01

No auth needed

Prerequisites: Target must have pPIM 1.01 installed · Apache log files must be writable by the web server user

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026