ГлавнаяУязвимости → CVE-2026-48908
9.8критическая

CVE-2026-48908

Описание

A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code.

Затрагиваемое ПО
Ollyo Sp page builder
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://www.joomshaper.com/page-builderhttps://extensions.joomla.org/extension/sp-page-builder/https://mysites.guru/blog/sp-page-builder-zero-day-uploadcustomicon-rce/https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-48908https://www.joomshaper.com/forum/question/45152