EIP-2026-108510

PRE-CVE

Joomla! Component com_realestatemanager 3.7 - SQL Injection

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-108510. PoCs published by Omer Ramić.

AI-analyzed exploit summary The exploit demonstrates SQL injection in Joomla component com_realestatemanager via the 'order_direction' and 'order_field' POST parameters. It includes two proof-of-concept payloads for boolean-based and error-based SQLi, confirming vulnerability in version 3.7 and likely prior versions.

Description

Joomla! Component com_realestatemanager 3.7 - SQL Injection

Exploits (1)

exploitdb WORKING POC
by Omer Ramić · textwebappsphp
https://www.exploit-db.com/exploits/38445

The exploit demonstrates SQL injection in Joomla component com_realestatemanager via the 'order_direction' and 'order_field' POST parameters. It includes two proof-of-concept payloads for boolean-based and error-based SQLi, confirming vulnerability in version 3.7 and likely prior versions.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Joomla com_realestatemanager component 3.7
No auth needed
Prerequisites: Access to a vulnerable Joomla instance with the com_realestatemanager component installed
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026