CVE 9.8 CRITICAL

Joomla Extension – joomcoder.com – Unauthenticated SQL Injection in JoomCCK extension for Joomla < 6.4.1 – CVE-2026-49048

9.8 / 10
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

The Joomla extension JoomCCK exposes a front-end controller task that builds two SQL statements by concatenating a user-supplied request parameter directly into the query string, without escaping or parameterisation.

AI Analysis

Unauthenticated SQL Injection vulnerability in JoomCCK extension for Joomla

Basic Information

ID: CVE-2026-49048
Source: Joomla
Published: Jun 28, 2026 at 18:37
Modified: Jun 29, 2026 at 13:01

Affected Product

Vendor: joomcoder.com
Product: JoomCCK extension for Joomla
Version: 1.0-6.4.0
Affected Versions: joomcoder.com JoomCCK extension for Joomla 1.0-6.4.0

AI Assessment

AI Score: 9.8 / 10
AI Severity: Critical
