EIP-2026-108603

PRE-CVE

Joomla! Component com_xmap 1.2.11 - Blind SQL Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-108603. PoCs published by jdc.

AI-analyzed exploit summary This is a writeup describing a blind SQL injection vulnerability in the Xmap Joomla component version 1.2.11. The vulnerability is exploitable via the 'view' parameter when the cache is disabled, and it was patched in version 1.2.12.

Description

Joomla! Component com_xmap 1.2.11 - Blind SQL Injection

Exploits (1)

exploitdb WRITEUP VERIFIED

by jdc · textwebappsphp

https://www.exploit-db.com/exploits/17525

View Code ZIP pw:eip

This is a writeup describing a blind SQL injection vulnerability in the Xmap Joomla component version 1.2.11. The vulnerability is exploitable via the 'view' parameter when the cache is disabled, and it was patched in version 1.2.12.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Xmap Joomla Component 1.2.11

No auth needed

Prerequisites: Xmap Joomla Component version 1.2.11 with cache disabled

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026