ГлавнаяУязвимости → CVE-2026-48907
9.8критическая

CVE-2026-48907

Описание

A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution.

Затрагиваемое ПО
Widgetfactorylimited Jce
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://www.joomlacontenteditor.net/https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-48907https://www.joomlacontenteditor.net/news/jce-security-update-and-a-free-patch-for-older-sites