EIP-2026-108673

PRE-CVE

Joomla! Component IDoEditor - 'image.php' Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-108673. PoCs published by Sammy FORGIT.

AI-analyzed exploit summary This HTML form exploits an arbitrary file upload vulnerability in the IDoEditor component for Joomla! by allowing attackers to upload malicious files to the server due to insufficient input sanitization.

Description

Joomla! Component IDoEditor - 'image.php' Arbitrary File Upload

Exploits (1)

exploitdb WORKING POC VERIFIED

by Sammy FORGIT · htmlwebappsphp

https://www.exploit-db.com/exploits/37381

View Code ZIP pw:eip

This HTML form exploits an arbitrary file upload vulnerability in the IDoEditor component for Joomla! by allowing attackers to upload malicious files to the server due to insufficient input sanitization.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: IDoEditor 1.6.16 for Joomla!

No auth needed

Prerequisites: Access to the target Joomla! instance with IDoEditor plugin installed

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1505.003 - Web Shell

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026