CVE-2026-49049
HIGHJoomla Extension - joomshaper.com - Unauthenticated access to Helix3 template ajax handler
Title source: cnaExploitation Summary
CVE-2026-49049 has been observed exploited in the wild (reported by ENISA EUVD). EIP tracks 4 public exploits from researchers including ExDev994, Dr-D25, frada321.
AI-analyzed exploit summary This repository contains a functional exploit for CVE-2026-49049, an unauthenticated remote code execution vulnerability in Helix3 Joomla templates (JoomShaper). The exploit leverages arbitrary file write via path traversal in the AJAX handler to drop a webshell and achieve RCE.
Description
The Helix3 plugin for Joomla exposes an ajax handler task, that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files and update template parameters.
Exploits (4)
This repository contains a functional exploit for CVE-2026-49049, an unauthenticated remote code execution vulnerability in Helix3 Joomla templates (JoomShaper). The exploit leverages arbitrary file write via path traversal in the AJAX handler to drop a webshell and achieve RCE.
This repository provides a functional PoC for CVE-2026-49049, an unauthenticated arbitrary file write vulnerability in JoomShaper Helix3 (Joomla) via path traversal in the `layoutName` parameter. The exploit demonstrates how to write a JSON file to an arbitrary location on the server.
The repository contains an empty README.md file with no technical details, exploit code, or vulnerability analysis. It appears to be a placeholder or incomplete submission with no functional content.
This repository provides a non-destructive scanner for CVE-2026-49049, an unauthenticated AJAX handler vulnerability in the Helix3 Joomla template framework (versions 1.0-3.1.0). The tool detects accessible endpoints (`save`, `remove`, `import`) without exploiting them, using a temporary probe file that is immediately cleaned up.
References (1)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N