A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution.
CVSS
No CVSS.
References
| Link | Resource |
|---|---|
| https://www.joomlacontenteditor.net/ |
Configurations
No configuration.
History
05 Jun 2026, 08:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-06-05 08:16
Updated : 2026-06-05 16:05
NVD link : CVE-2026-48907
Mitre link : CVE-2026-48907
CVE.ORG link : CVE-2026-48907
JSON object : View
Products Affected
No product.
CWE
CWE-284
Improper Access Control