A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution.
History

Thu, 02 Jul 2026 17:30:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 24 Jun 2026 19:30:00 +0000


Mon, 22 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sun, 21 Jun 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Icagenda.com
Icagenda.com icagenda Extension For Joomla
Vendors & Products Icagenda.com
Icagenda.com icagenda Extension For Joomla

Sat, 20 Jun 2026 12:45:00 +0000

Type Values Removed Values Added
Description A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution.
Title Joomla Extension - icagenda.com - Remote Code Execution in iCaganda extension for Joomla < 4.0.8/3.9.15
Weaknesses CWE-284
References
Metrics cvssV4_0

{'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/AU:Y/U:Red'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Joomla

Published: 2026-06-20T11:56:50.752Z

Updated: 2026-07-02T16:16:17.718Z

Reserved: 2026-05-26T16:47:13.549Z

Link: CVE-2026-48939

cve-icon Vulnrichment

Updated: 2026-06-22T17:44:21.023Z

cve-icon NVD

No data.

cve-icon Redhat

No data.