Vulnerability Details CVE-2026-49048
The Joomla extension JoomCCK exposes a front-end controller task, that builds two SQL statements by directly concatenating a user-supplied request parameter into the query string without escaping or parameterisation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 39.3%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2026-49048
-
cpe:2.3:a:joomcoder:joomcck:*