EIP-2026-108282

PRE-CVE

Joomla! Component com_bit - 'Controller' Local File Inclusion

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-108282. PoCs published by Xr0b0t.

AI-analyzed exploit summary The provided text describes a local file inclusion (LFI) vulnerability in the Bit Component for Joomla!, where improper input sanitization allows attackers to read arbitrary files via path traversal sequences. The example URL demonstrates exploiting this to access '/etc/passwd'.

Description

Joomla! Component com_bit - 'Controller' Local File Inclusion

Exploits (1)

exploitdb WRITEUP VERIFIED
by Xr0b0t · textwebappsphp
https://www.exploit-db.com/exploits/38135

The provided text describes a local file inclusion (LFI) vulnerability in the Bit Component for Joomla!, where improper input sanitization allows attackers to read arbitrary files via path traversal sequences. The example URL demonstrates exploiting this to access '/etc/passwd'.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Bit Component for Joomla!
No auth needed
Prerequisites: Access to the vulnerable Joomla! instance
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026