EIP-2026-108032

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-108032. PoCs published by mr_me.

AI-analyzed exploit summary This exploit leverages a blind SQL injection vulnerability in JAKCMS <= v2.01 via the 'JAK_COOKIE_NAME' and 'JAK_COOKIE_PASS' cookies to bypass authentication and gain administrative access. It then abuses the 'php_hook' functionality to execute arbitrary PHP code, resulting in remote command execution.

Description

JAKCMS 2.01 - Code Execution

Exploits (1)

exploitdb WORKING POC VERIFIED

by mr_me · pythonwebappsphp

https://www.exploit-db.com/exploits/16200

View Code ZIP pw:eip

This exploit leverages a blind SQL injection vulnerability in JAKCMS <= v2.01 via the 'JAK_COOKIE_NAME' and 'JAK_COOKIE_PASS' cookies to bypass authentication and gain administrative access. It then abuses the 'php_hook' functionality to execute arbitrary PHP code, resulting in remote command execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: JAKCMS <= v2.01

No auth needed

Prerequisites: Target must be running JAKCMS <= v2.01 · Admin interface must be accessible · PHP code execution must be enabled in the CMS

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

JAKCMS 2.01 - Code Execution

Exploitation Summary

Description

Exploits (1)

Details