EIP-2026-108170

PRE-CVE

Joomla! 1.5 Beta 2 - 'Search' Remote Code Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-108170. PoCs published by Johannes Greil.

AI-analyzed exploit summary This is a detailed security advisory describing a remote command execution vulnerability in Joomla! CMS 1.5 beta 2. The vulnerability arises from unsafe use of eval() in the search component, allowing arbitrary PHP command execution via the searchword parameter.

Description

Joomla! 1.5 Beta 2 - 'Search' Remote Code Execution

Exploits (1)

exploitdb WRITEUP VERIFIED

by Johannes Greil · textwebappsphp

https://www.exploit-db.com/exploits/4212

View Code ZIP pw:eip

This is a detailed security advisory describing a remote command execution vulnerability in Joomla! CMS 1.5 beta 2. The vulnerability arises from unsafe use of eval() in the search component, allowing arbitrary PHP command execution via the searchword parameter.

Classification

Writeup 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Joomla! CMS 1.5 beta 2

No auth needed

Prerequisites: Joomla! CMS 1.5 beta 2 installation

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026