CVE 7.5 HIGH

Joomla Extension – joomshaper.com – Unauthenticated access to Helix3 template ajax handler (CVE-2026-49049)

CVSS 3.1 score: 7.5 / 10 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Description

The Helix3 plugin for Joomla exposes an ajax handler task that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files, and update template parameters.

Basic Information

ID CVE-2026-49049
Source Joomla
Published Jun 29, 2026 at 14:34
Modified Jun 29, 2026 at 15:28

Affected Product

Vendor joomshaper.com
Product Helix3 extension for Joomla
Version 1.0-3.1.1
Affected Versions joomshaper.com Helix3 extension for Joomla 1.0-3.1.1

CWE Classification

References
