216 matches found
CVE-2026-56290
The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...
CVE-2026-49049 Joomla Extension - joomshaper.com - Unauthenticated access to Helix3 template ajax handler
The Helix3 plugin for Joomla exposes an ajax handler task, that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files and update template parameters...
EUVD-2026-40121
The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...
CVE-2026-56290
CVE-2026-56290 affects Joomla Page Builder CK (com_pagebuilderck). The root cause is an unauthenticated file upload path via browse.ajaxAddPicture that accepts a user-controlled destination with only trivial sanitization and no authentication gate, enabling an attacker to upload PHP/executable fi...
CVE-2026-56290 Joomla Extension - joomlack.fr - Unauthenticated file upload in Page Builder CK extension < 3.6.0
The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...
CVE-2026-56290 Joomla Extension - joomlack.fr - Unauthenticated file upload in Page Builder CK extension < 3.6.0
The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE...
PT-2026-53285
Name of the Vulnerable Software and Affected Versions Page Builder CK extension for Joomla versions prior to 3.6.0 Description The Page Builder CK extension for Joomla contains an unauthenticated arbitrary file upload flaw. The issue stems from improper input validation and insufficient server-si...
CVE-2026-49048
The Joomla extension JoomCCK exposes a front-end controller task, that builds two SQL statements by directly concatenating a user-supplied request parameter into the query string without escaping or parameterisation...
EUVD-2026-40003
The Joomla extension JoomCCK exposes a front-end controller task, that builds two SQL statements by directly concatenating a user-supplied request parameter into the query string without escaping or parameterisation...
CVE-2026-49048
The CVE-2026-49048 issue affects the Joomla extension JoomCCK (com_joomcck). A front-end controller task (tags.save) builds two SQL statements by directly concatenating a user-supplied request parameter into the query string without escaping or parameterisation, enabling unauthenticated SQL injec...
CVE-2026-49048 Joomla Extension - joomcoder.com - Unauthenticated SQL Injection in JoomCCK extension for Joomla < 6.4.1
The Joomla extension JoomCCK exposes a front-end controller task, that builds two SQL statements by directly concatenating a user-supplied request parameter into the query string without escaping or parameterisation...
CVE-2026-48945
The CVE describes a vulnerability in the K2 Joomla extension (getk2.com) where the article gallery upload path accepts a zip/tar archive and extracts it to /media/k2/galleries//. The extractor renames image files (gif/jpg/jpeg/png/webp) to safe names, but non-image files (including .php) are extr...
CVE-2026-48941 Joomla Extension - getk2.org - Unauthenticated folder delete in K2 extension for Joomla < 2.26
The K2 frontend item.checkin task accepts an unauthenticated sigProFolder query parameter and uses it directly to address a JFolder::delete call under /media/k2/galleries/...
CVE-2026-48941 Joomla Extension - getk2.org - Unauthenticated folder delete in K2 extension for Joomla < 2.26
The K2 frontend item.checkin task accepts an unauthenticated sigProFolder query parameter and uses it directly to address a JFolder::delete call under /media/k2/galleries/...
CVE-2026-48944
Summary: CVE-2026-48944 affects the K2 Joomla extension (getk2.com) where the frontend article-save handler accepts a parameter attachment[N][existing] that is concatenated with JPATH_SITE/ and passed to JFile::copy(). Since JPath::clean does not strip “..” and there is no allow-list of source pa...
CVE-2026-48942
Affected software: K2 extension for Joomla (getk2.com), version constraint listed as K2 ≤ 2.26. Vulnerability: two templates render the database column __#k2_users.image directly into HTML src attributes without HTML escaping, revealing a stored-XSS risk. Root cause: lack of escaping when injecti...
CVE-2026-48939
A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution...
CVE-2026-48908 Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code...
CVE-2026-48908
CVE-2026-48908 affects the Joomla extension SP Page Builder (com_sppagebuilder). Reports and PoCs confirm unauthenticated file upload via the asset.uploadCustomIcon task, allowing arbitrary files to be written to the webroot and potentially executing PHP code. Affected versions are 1.0.0 through ...
CVE-2026-48939 Joomla Extension - icagenda.com - Remote Code Execution in iCaganda extension for Joomla < 4.0.8/3.9.15
A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution...