EIP-2026-118680

PRE-CVE

Impero Education Pro - System Remote Command Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118680. PoCs published by slipstream.

AI-analyzed exploit summary This PHP script exploits a hardcoded encryption key and weak authentication in Impero Education Pro to achieve remote code execution (RCE) as SYSTEM on all connected Windows clients. It demonstrates the ability to send arbitrary commands and execute binaries by leveraging the proprietary Impero protocol.

Description

Impero Education Pro - System Remote Command Execution

Exploits (1)

exploitdb WORKING POC

by slipstream · phpremotewindows

https://www.exploit-db.com/exploits/37611

View Code ZIP pw:eip

This PHP script exploits a hardcoded encryption key and weak authentication in Impero Education Pro to achieve remote code execution (RCE) as SYSTEM on all connected Windows clients. It demonstrates the ability to send arbitrary commands and execute binaries by leveraging the proprietary Impero protocol.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Impero Education Pro (version 5.x or earlier)

No auth needed

Prerequisites: Network access to Impero server (default port 30015) · Knowledge of the hardcoded encryption key ('Imp3ro')

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1068 - Exploitation for Privilege Escalation T1090 - Proxy

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026