{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-49048", "assignerOrgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586", "state": "PUBLISHED", "assignerShortName": "Joomla", "dateReserved": "2026-05-27T09:16:31.896Z", "datePublished": "2026-06-28T18:37:13.380Z", "dateUpdated": "2026-06-28T18:37:13.380Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "JoomCCK extension for Joomla", "vendor": "joomcoder.com", "versions": [{"status": "affected", "version": "1.0-6.4.0"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Kamil Soltanov"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The Joomla extension JoomCCK exposes a front-end controller task, that builds two SQL statements by directly concatenating a user-supplied request parameter into the query string without escaping or parameterisation."}], "value": "The Joomla extension JoomCCK exposes a front-end controller task, that builds two SQL statements by directly concatenating a user-supplied request parameter into the query string without escaping or parameterisation."}], "impacts": [{"capecId": "CAPEC-66", "descriptions": [{"lang": "en", "value": "CAPEC-66 SQL Injection"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "6ff30186-7fb7-4ad9-be33-533e7b05e586", "shortName": "Joomla", "dateUpdated": "2026-06-28T18:37:13.380Z"}, "references": [{"tags": ["product"], "url": "https://www.joomcoder.com/"}], "source": {"discovery": "UNKNOWN"}, "title": "Joomla Extension - joomcoder.com - Unauthenticated SQL Injection in JoomCCK extension for Joomla < 6.4.1", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{}

{}

{}

{}