EIP-2026-104295

PRE-CVE

Joomla! Component com_jem 2.1.4 - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104295. PoCs published by Martino Sani.

AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in Joomla Event Manager 2.1.4, allowing authenticated users to execute arbitrary SQL queries via the 'cid' parameter. It also highlights an insecure file upload vulnerability enabling the upload of malicious HTML/HTM files.

Description

Joomla! Component com_jem 2.1.4 - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC

by Martino Sani · textwebappsmultiple

https://www.exploit-db.com/exploits/37767

View Code ZIP pw:eip

This exploit demonstrates an SQL injection vulnerability in Joomla Event Manager 2.1.4, allowing authenticated users to execute arbitrary SQL queries via the 'cid' parameter. It also highlights an insecure file upload vulnerability enabling the upload of malicious HTML/HTM files.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Joomla Event Manager 2.1.4

Auth required

Prerequisites: Authenticated user access · Joomla Event Manager 2.1.4 installed

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026