CVE-2026-48908

Summary

A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code.

Affected Software

VendorProductVersion RangeStatus
joomshaper.netSP Page Builder extension for Joomla1.0.0-6.6.1affected

Weaknesses

  • CWE-434: CWE-434: Unrestricted Upload of File with Dangerous Type

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

Additional References

References