Exploitation Summary
EIP tracks 1 public exploit for EIP-2026-109291. PoCs published by Dreadful.
AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in the Mambo com_mambads component. It extracts user credentials (username, password, email) from the mos_users table via a UNION-based SQL injection.
Description
Mambo Component MambAds - SQL Injection
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Dreadful · textwebappsphp
https://www.exploit-db.com/exploits/11719
This exploit demonstrates a SQL injection vulnerability in the Mambo com_mambads component. It extracts user credentials (username, password, email) from the mos_users table via a UNION-based SQL injection.
Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:
Mambo com_mambads component
No auth needed
Prerequisites:
Target must have the vulnerable com_mambads component installed
mistral-large-3 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026