EIP-2026-108332

PRE-CVE

Joomla! Component com_djClassifieds 0.9.1 - Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-108332. PoCs published by Sid3^effects.

AI-analyzed exploit summary This is a technical writeup describing an upload vulnerability in the DJ-Classifieds Joomla extension, allowing attackers to bypass file extension checks and upload malicious scripts. The vulnerability involves changing file extensions to .img, .gif, or .bmp to evade restrictions.

Description

Joomla! Component com_djClassifieds 0.9.1 - Arbitrary File Upload

Exploits (1)

exploitdb WRITEUP

by Sid3^effects · textwebappsphp

https://www.exploit-db.com/exploits/12479

View Code ZIP pw:eip

This is a technical writeup describing an upload vulnerability in the DJ-Classifieds Joomla extension, allowing attackers to bypass file extension checks and upload malicious scripts. The vulnerability involves changing file extensions to .img, .gif, or .bmp to evade restrictions.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: DJ-Classifieds (Joomla extension)

Auth required

Prerequisites: User registration on the target site · Access to the 'Add classifieds' feature

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505.003 - Web Shell

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026