EIP-2026-113286

PRE-CVE

Webfroot Shoutbox 2.32 - Remote Command Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113286. PoCs published by pokleyzz.

AI-analyzed exploit summary This Perl script exploits a command injection vulnerability in Webfroot Shoutbox < 2.32 by injecting PHP code into Apache access logs via the 'conf' URI parameter, then executing arbitrary commands. The exploit leverages insufficient input sanitization to achieve remote code execution.

Description

Webfroot Shoutbox 2.32 - Remote Command Execution

Exploits (1)

exploitdb WORKING POC VERIFIED

by pokleyzz · perlwebappsphp

https://www.exploit-db.com/exploits/22687

View Code ZIP pw:eip

This Perl script exploits a command injection vulnerability in Webfroot Shoutbox < 2.32 by injecting PHP code into Apache access logs via the 'conf' URI parameter, then executing arbitrary commands. The exploit leverages insufficient input sanitization to achieve remote code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Webfroot Shoutbox < 2.32

No auth needed

Prerequisites: Apache web server with writeable log files · Webfroot Shoutbox < 2.32 installed · Network access to the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026