EIP-2026-108267

PRE-CVE

Joomla! Component com_appointinator 1.0.1 - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-108267. PoCs published by Salvatore Fresta.

AI-analyzed exploit summary This document details SQL injection and blind SQL injection vulnerabilities in the Appointinator 1.0.1 Joomla component, specifically in the 'aid' parameter passed to 'app.php'. It includes technical analysis and sample exploit code for SQLi.

Description

Joomla! Component com_appointinator 1.0.1 - Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP VERIFIED

by Salvatore Fresta · textwebappsphp

https://www.exploit-db.com/exploits/14488

View Code ZIP pw:eip

This document details SQL injection and blind SQL injection vulnerabilities in the Appointinator 1.0.1 Joomla component, specifically in the 'aid' parameter passed to 'app.php'. It includes technical analysis and sample exploit code for SQLi.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Appointinator 1.0.1 Joomla Component

Auth required

Prerequisites: Registered user access · Joomla installation with Appointinator component

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026