CVE Catalog

CVE-2026-48908

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.73%

50th percentile — higher than 50% of all known CVEs

Summary

A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code.

Risk Assessment

An attacker can take over the Joomla server, steal data, or install malware without requiring authentication.

Recommendation

Immediately update SP Page Builder to the latest version and restrict file upload functionality to trusted users only.

Original NVD description (English source)

A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS