EIP-2026-107348

PRE-CVE

Gary's Cookbook 3.0 - 'id' SQL Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107348. PoCs published by S@BUN.

AI-analyzed exploit summary The exploit demonstrates an SQL injection vulnerability in Gary's Cookbook module for Joomla! and Mambo. It leverages unsanitized user input in the 'id' parameter to extract usernames and password hashes from the 'mos_users' table via a UNION-based SQLi attack.

Description

Gary's Cookbook 3.0 - 'id' SQL Injection

Exploits (1)

exploitdb WORKING POC VERIFIED

by S@BUN · textwebappsphp

https://www.exploit-db.com/exploits/31293

View Code ZIP pw:eip

The exploit demonstrates an SQL injection vulnerability in Gary's Cookbook module for Joomla! and Mambo. It leverages unsanitized user input in the 'id' parameter to extract usernames and password hashes from the 'mos_users' table via a UNION-based SQLi attack.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Gary's Cookbook module for Joomla! and Mambo

No auth needed

Prerequisites: Target must have Gary's Cookbook module installed · SQL error messages must be visible or blind SQLi techniques must be applicable

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026