9.8
/ 10
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description
The Joomla extension JoomCCK exposes a front-end controller task, that builds two SQL statements by directly concatenating a user-supplied request parameter into the query string without escaping or parameterisation.
AI Analysis
Unauthenticated SQL Injection vulnerability in JoomCCK extension for Joomla
Basic Information
ID
CVE-2026-49048
Source
Joomla
Published
Jun 28, 2026 at 18:37
Modified
Jun 29, 2026 at 13:01
Affected Product
Vendor
joomcoder.com
Product
JoomCCK extension for Joomla
Version
1.0-6.4.0
Affected Versions
joomcoder.com JoomCCK extension for Joomla 1.0-6.4.0
CWE Classification
AI Assessment
AI Score
9.8 / 10
AI Severity
Critical
Vendor
joomcoder.com
Product
JoomCCK extension for Joomla
Version
1.0-6.4.0