EIP-2026-119551

PRE-CVE

PHP 5.2.9 (Windows x86) - Local Safemod Bypass

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-119551. PoCs published by Abysssec.

AI-analyzed exploit summary This advisory describes a PHP Safe Mode bypass vulnerability on Windows systems due to PHP's handling of directory separators. The issue arises from PHP's inability to distinguish between forward and backward slashes in directory paths, allowing command execution even when Safe Mode is enabled.

Description

PHP 5.2.9 (Windows x86) - Local Safemod Bypass

Exploits (1)

exploitdb WRITEUP VERIFIED

by Abysssec · textlocalwindows_x86

https://www.exploit-db.com/exploits/8799

View Code ZIP pw:eip

This advisory describes a PHP Safe Mode bypass vulnerability on Windows systems due to PHP's handling of directory separators. The issue arises from PHP's inability to distinguish between forward and backward slashes in directory paths, allowing command execution even when Safe Mode is enabled.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: PHP <= 5.2.9

No auth needed

Prerequisites: PHP Safe Mode enabled on Windows · Access to execute PHP functions like exec()

MITRE ATT&CK

T1552.001 - Credentials In Files

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026