EIP-2026-108752

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-108752. PoCs published by KedAns-Dz.

AI-analyzed exploit summary The exploit demonstrates two vulnerabilities in the Joomsport component for Joomla: an arbitrary file upload vulnerability (leading to RCE) and a blind SQL injection vulnerability. The file upload exploit bypasses restrictions by disguising a PHP shell as a PNG file, while the SQL injection exploit sends a crafted query to extract data from the database.

Description

Joomla! Component Joomsport - SQL Injection / Arbitrary File Upload

Exploits (1)

exploitdb WORKING POC VERIFIED

by KedAns-Dz · phpwebappsphp

https://www.exploit-db.com/exploits/37375

View Code ZIP pw:eip

The exploit demonstrates two vulnerabilities in the Joomsport component for Joomla: an arbitrary file upload vulnerability (leading to RCE) and a blind SQL injection vulnerability. The file upload exploit bypasses restrictions by disguising a PHP shell as a PNG file, while the SQL injection exploit sends a crafted query to extract data from the database.

Classification

Working Poc 95%

Attack Type

Rce | Sqli

Complexity

Trivial

Reliability

Reliable

Target: Joomla! with Joomsport component

No auth needed

Prerequisites: Access to the target Joomla! instance with the Joomsport component installed · Network connectivity to the target server

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505 - Server Software Component T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Joomla! Component Joomsport - SQL Injection / Arbitrary File Upload

Exploitation Summary

Description

Exploits (1)

Details