EIP-2026-112207

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112207. PoCs published by brain[pillow].

AI-analyzed exploit summary The exploit demonstrates a remote code execution (RCE) vulnerability in Slaed CMS by injecting PHP code via the 'word' or 'query' parameters in the search functionality. The payload uses PHP's string interpolation to execute arbitrary code (e.g., phpinfo()).

Description

Slaed CMS - Code Execution

Exploits (1)

exploitdb WORKING POC

by brain[pillow] · textwebappsphp

https://www.exploit-db.com/exploits/17824

View Code ZIP pw:eip

The exploit demonstrates a remote code execution (RCE) vulnerability in Slaed CMS by injecting PHP code via the 'word' or 'query' parameters in the search functionality. The payload uses PHP's string interpolation to execute arbitrary code (e.g., phpinfo()).

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Slaed CMS <= 4.* and OpenSlaed 1.2 (free)

No auth needed

Prerequisites: Access to the target's search functionality via HTTP

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Slaed CMS - Code Execution

Exploitation Summary

Description

Exploits (1)

Details