CVE Catalog
CVE-2026-48939
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk0.52%
40th percentile — higher than 40% of all known CVEs
Summary
A vulnerability in the iCagenda extension for Joomla allows arbitrary file upload in the attachment feature, leading to PHP code upload and execution.
Risk Assessment
An attacker can achieve remote code execution on the server, potentially leading to full compromise of the Joomla site and data access.
Recommendation
Immediately update the iCagenda extension to the latest version and restrict file upload capabilities to trusted users only.
Original NVD description (English source)
A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution.

