EIP-2026-108173

PRE-CVE

Joomla! 1.5.22 / 1.6.0 - 'com_mailto' Spam Mail Relay

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-108173. PoCs published by Jeff Channell.

AI-analyzed exploit summary This is a writeup describing a spam email relay vulnerability in Joomla! versions 1.5.22 and 1.6.0 via the com_mailto component. The exploit involves crafting a URL with a base64-encoded spam message and sending it to victims through the form.

Description

Joomla! 1.5.22 / 1.6.0 - 'com_mailto' Spam Mail Relay

Exploits (1)

exploitdb WRITEUP

by Jeff Channell · textwebappsphp

https://www.exploit-db.com/exploits/15979

View Code ZIP pw:eip

This is a writeup describing a spam email relay vulnerability in Joomla! versions 1.5.22 and 1.6.0 via the com_mailto component. The exploit involves crafting a URL with a base64-encoded spam message and sending it to victims through the form.

Classification

Writeup 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Joomla! 1.5.22, 1.6.0

No auth needed

Prerequisites: Access to the Joomla! instance with com_mailto enabled

MITRE ATT&CK

T1566.001 - Spearphishing Attachment

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026