EIP-2026-109301

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-109301. PoCs published by Crackers_Child.

AI-analyzed exploit summary The provided text describes a remote file inclusion vulnerability in the Mambo Rssxt component for Joomla and Mambo, where improper input sanitization allows arbitrary remote file inclusion. The vulnerability is demonstrated via URL examples targeting specific PHP files with the 'mosConfig_absolute_path' parameter.

Description

Mambo Component Rssxt 1.0 - 'MosConfig_absolute_path' Multiple Remote File Inclusions

Exploits (1)

exploitdb WRITEUP VERIFIED

by Crackers_Child · textwebappsphp

https://www.exploit-db.com/exploits/28404

View Code ZIP pw:eip

The provided text describes a remote file inclusion vulnerability in the Mambo Rssxt component for Joomla and Mambo, where improper input sanitization allows arbitrary remote file inclusion. The vulnerability is demonstrated via URL examples targeting specific PHP files with the 'mosConfig_absolute_path' parameter.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Mambo Rssxt component for Joomla and Mambo (versions 1.0 and prior)

No auth needed

Prerequisites: Access to the target web application · Ability to host a malicious PHP file on a remote server

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Mambo Component Rssxt 1.0 - 'MosConfig_absolute_path' Multiple Remote File Inclusions

Exploitation Summary

Description

Exploits (1)

Details