CVE-2026-48939
CRITICALJoomla Extension - icagenda.com - Remote Code Execution in iCaganda extension for Joomla < 4.0.8/3.9.15
Title source: cnaExploitation Summary
EIP tracks 1 public exploit for CVE-2026-48939. PoCs published by Polosss.
AI-analyzed exploit summary The repository provides a functional exploit for CVE-2026-48939, an unauthenticated file upload vulnerability in iCagenda for Joomla, leading to Remote Code Execution (RCE). It includes detailed technical analysis, curl commands, and a PoC script for exploitation.
Description
A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution.
Exploits (1)
The repository provides a functional exploit for CVE-2026-48939, an unauthenticated file upload vulnerability in iCagenda for Joomla, leading to Remote Code Execution (RCE). It includes detailed technical analysis, curl commands, and a PoC script for exploitation.
References (5)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H