ГлавнаяУязвимости → CVE-2026-48939
9.8критическая

CVE-2026-48939

Описание

A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution.

Затрагиваемое ПО
Joomlic Icagenda
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://www.icagenda.com/https://github.com/Polosss/By-Poloss..-..CVE-2026-48939https://mysites.guru/blog/icagenda-zero-day-file-upload-rce/https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-48939https://www.icagenda.com/docs/changelog/icagenda-3-9-15https://www.icagenda.com/docs/changelog/icagenda-4-0-8