EIP-2026-108693

PRE-CVE

Joomla! Component jDownloads 1.0 - Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-108693. PoCs published by Al-Ghamdi.

AI-analyzed exploit summary This exploit describes a remote file upload vulnerability in jDownloads 1.0, allowing attackers to upload malicious files (e.g., shell.php.jpg) by bypassing file extension restrictions. The exploit requires user registration and leverages the 'Submit file' functionality to achieve remote code execution (RCE).

Description

Joomla! Component jDownloads 1.0 - Arbitrary File Upload

Exploits (1)

exploitdb WORKING POC

by Al-Ghamdi · textwebappsphp

https://www.exploit-db.com/exploits/17303

View Code ZIP pw:eip

This exploit describes a remote file upload vulnerability in jDownloads 1.0, allowing attackers to upload malicious files (e.g., shell.php.jpg) by bypassing file extension restrictions. The exploit requires user registration and leverages the 'Submit file' functionality to achieve remote code execution (RCE).

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: jDownloads 1.0

Auth required

Prerequisites: User registration on the target site · Access to the 'Submit file' feature

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1505.003 - Web Shell

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026