CVE-2026-48939

Summary

A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution.

Affected Software

VendorProductVersion RangeStatus
icagenda.comiCagenda extension for Joomla3.2.1-4.0.7affected

Weaknesses

  • CWE-434: CWE-434: Unrestricted Upload of File with Dangerous Type

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

Additional References

References