EIP-2026-108621

PRE-CVE

Joomla! Component DentroVideo 1.2 - 'upload.php' Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-108621. PoCs published by Sammy FORGIT.

AI-analyzed exploit summary This exploit demonstrates an arbitrary file upload vulnerability in the DentroVideo Joomla! component, allowing attackers to upload and execute PHP files on the server. Two separate upload endpoints are targeted, with the payloads bypassing file extension restrictions.

Description

Joomla! Component DentroVideo 1.2 - 'upload.php' Arbitrary File Upload

Exploits (1)

exploitdb WORKING POC VERIFIED

by Sammy FORGIT · phpwebappsphp

https://www.exploit-db.com/exploits/37380

View Code ZIP pw:eip

This exploit demonstrates an arbitrary file upload vulnerability in the DentroVideo Joomla! component, allowing attackers to upload and execute PHP files on the server. Two separate upload endpoints are targeted, with the payloads bypassing file extension restrictions.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: DentroVideo 1.2 for Joomla!

No auth needed

Prerequisites: Access to the target Joomla! instance · Curl or similar HTTP client

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1204 - User Execution T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026