2 matches found
CVE-2026-48907
CVE-2026-48907 — Joomla JCE extension unauthenticated RCE is a vulnerability in the Joomla Content Editor (JCE) that allows unauthenticated users to create editor profiles and upload PHP payloads, enabling remote code execution. Technical details across documents show an unrestricted file upload ...
CVE-2015-7339
CVE-2015-7339 affects JCE Joomla Component (versions 2.5.0–2.5.2). The flaw lets an attacker upload arbitrary files by crafting an image file with a .php extension to the /com_jce/editor/libraries/classes/browser.php script, enabling potential code execution or server compromise as implied by arb...