A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code.
History

Tue, 07 Jul 2026 18:30:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 07 Jul 2026 17:45:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2026-07-07T00:00:00+00:00', 'dueDate': '2026-07-10T00:00:00+00:00'}


Sun, 05 Jul 2026 14:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284 CWE-434

Wed, 24 Jun 2026 19:30:00 +0000


Mon, 22 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sun, 21 Jun 2026 15:00:00 +0000

Type Values Removed Values Added
Description A vulnerability in the SP Page Builder for Joomla allows the upload of arbitrary files for unauthenticated users, ultimately resulting in PHP code upload and execution. A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code.
Title Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.12 Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2

Sun, 21 Jun 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Joomshaper.net
Joomshaper.net sp Page Builder Extension For Joomla
Vendors & Products Joomshaper.net
Joomshaper.net sp Page Builder Extension For Joomla

Sat, 20 Jun 2026 12:45:00 +0000

Type Values Removed Values Added
Description A vulnerability in the SP Page Builder for Joomla allows the upload of arbitrary files for unauthenticated users, ultimately resulting in PHP code upload and execution.
Title Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.12
Weaknesses CWE-284
References
Metrics cvssV4_0

{'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/AU:Y/U:Red'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Joomla

Published: 2026-06-20T11:57:00.501Z

Updated: 2026-07-08T09:55:16.808Z

Reserved: 2026-05-26T10:06:17.657Z

Link: CVE-2026-48908

cve-icon Vulnrichment

Updated: 2026-06-22T17:30:43.084Z

cve-icon NVD

No data.

cve-icon Redhat

No data.