EIP-2026-108541
PRE-CVE
Joomla! Component com_simplephotogallery 1.0 - Arbitrary File Upload
Title source: legacy
Exploitation Summary
EIP tracks 1 public exploit for EIP-2026-108541. PoCs published by CrashBandicot.
AI-analyzed exploit summary: This exploit demonstrates an arbitrary file upload vulnerability in Joomla Simple Photo Gallery. The vulnerable endpoint allows attackers to upload files to arbitrary locations via directory traversal in the 'jpath' parameter, leading to remote code execution.
Description
Joomla! Component com_simplephotogallery 1.0 - Arbitrary File Upload
Exploits (1)
exploitdb
WORKING POC
by CrashBandicot · text · webapps · php
https://www.exploit-db.com/exploits/36373
Classification
Working PoC 90%
Attack Type
RCE
Complexity
Trivial
Reliability
Reliable
Target:
Joomla Simple Photo Gallery version 1
No auth needed
Prerequisites:
Access to the vulnerable endpoint · Ability to send HTTP POST requests
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Details
Status
pre_cve
Tracked Since
Feb 18, 2026