CVE Catalog

CVE-2026-49048

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.51%

39th percentile — higher than 39% of all known CVEs

Summary

The JoomCCK extension for Joomla exposes a front-end controller task that builds two SQL statements by directly concatenating a user-supplied request parameter into the query string without escaping or parameterization.

Risk Assessment

An attacker can inject malicious SQL code, potentially leading to unauthorized database access, data leakage, or data modification.

Recommendation

Immediately update the JoomCCK extension to the latest version that includes a fix for the SQL injection vulnerability.

Original NVD description (English source)

The Joomla extension JoomCCK exposes a front-end controller task, that builds two SQL statements by directly concatenating a user-supplied request parameter into the query string without escaping or parameterisation.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS