EIP-2026-108363

PRE-CVE

Joomla! Component com_hdflvplayer < 2.1.0.1 - Arbitrary File Download

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-108363. PoCs published by Claudio Viviani.

AI-analyzed exploit summary This exploit targets an arbitrary file download vulnerability in Joomla HD FLV Player 2.1.0.1 and below by manipulating the 'f' parameter in the download.php script. It allows attackers to download sensitive files by traversing directories.

Description

Joomla! Component com_hdflvplayer < 2.1.0.1 - Arbitrary File Download

Exploits (1)

exploitdb WORKING POC VERIFIED

by Claudio Viviani · pythonwebappsphp

https://www.exploit-db.com/exploits/35246

View Code ZIP pw:eip

This exploit targets an arbitrary file download vulnerability in Joomla HD FLV Player 2.1.0.1 and below by manipulating the 'f' parameter in the download.php script. It allows attackers to download sensitive files by traversing directories.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Joomla HD FLV Player <= 2.1.0.1

No auth needed

Prerequisites: Target must have the vulnerable Joomla HD FLV Player component installed · Network access to the target

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026