EIP-2026-109286
PRE-CVEMambo Component Docman 1.3.0 - Multiple SQL Injections
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-109286. PoCs published by KedAns-Dz.
AI-analyzed exploit summary This is a writeup describing SQL injection vulnerabilities in the 'com_docman' component for Mambo. It provides example URLs demonstrating how an attacker could exploit the vulnerabilities by injecting malicious SQL queries through the 'limit' and 'limitstart' parameters.
Description
Mambo Component Docman 1.3.0 - Multiple SQL Injections
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by KedAns-Dz · textwebappsphp
https://www.exploit-db.com/exploits/35752
This is a writeup describing SQL injection vulnerabilities in the 'com_docman' component for Mambo. It provides example URLs demonstrating how an attacker could exploit the vulnerabilities by injecting malicious SQL queries through the 'limit' and 'limitstart' parameters.
Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:
com_docman 1.3 for Mambo
No auth needed
Prerequisites:
Access to the vulnerable Mambo instance with the 'com_docman' component installed
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026