7.5
/ 10
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Description
The Helix3 plugin for Joomla exposes an ajax handler task, that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files and update template parameters.
Basic Information
ID
CVE-2026-49049
Source
Joomla
Published
Jun 29, 2026 at 14:34
Modified
Jun 29, 2026 at 15:28
Affected Product
Vendor
joomshaper.com
Product
Helix3 extension for Joomla
Version
1.0-3.1.1
Affected Versions
joomshaper.com Helix3 extension for Joomla 1.0-3.1.1