EIP-2026-108129

This is a detailed technical writeup describing an SQL injection vulnerability in Joomla Plugin SexyPolling versions below 2.1.8. The vulnerability arises from insufficient sanitization of POST parameters 'min_date' and 'max_date' in the 'vote.php' file, allowing unauthenticated attackers to execute arbitrary SQL commands.