Widget Factory Joomla Content Editor contains an improper access control vulnerability which could allow for upload and execution of PHP code via the creation of new editor profiles for unauthenticated users.
[POC] GHSA-3mgp-fx93-9xv5 — CVE-2026-48907
CVE-2025-48907 - Unauthenticated RCE exploit for Joomla JCE < 2.9.99.5
[POC] CVE-2026-48907 — joomla-jce-cve-2026-48907-detection
Defensive lab validation and SOC detection guidance for CVE-2026-48907 in Joomla JCE <= 2.9.99.4, including Apache/Joomla/auditd telemetry, webshell artifacts, Sigma rules, MITRE ATT&CK mapping and mitigation recommendations.
[POC] CVE-2026-48907 — CVE-2026-48907
CVE-2026-48907 is a critical improper access control vulnerability in the JCE editor extension for Joomla. It allows unauthenticated attackers to create new editor profiles, which can ultimately lead to arbitrary PHP file upload and remote code execution on affected systems
[POC] CVE-2026-48907 — CVE-2026-48907
CVE-2026-48907
[POC] CVE-2026-48907 — CVE-2026-48907
CVE-2026-48907
[POC] CVE-2026-48907 — CVE-2026-48907
PoC for CVE-2026-48907 - Joomla! JCE extension < 2.9.99.5 unauthenticated RCE
[POC] CVE-2026-48907 — CVE-2026-48907-Unauthenticated-RCE-in-JCE
CVE-2026-48907: Unauthenticated RCE in JCE (Proof Of Concept)
PoC: CVE-2026-48907
CVE-2026-48907 – Joomla JCE Unauthenticated Remote Code Execution (RCE)
PoC: Joomla_CVE_2026_48907
cve-2026-48907 scanner
PoC: CVE-2026-48907
CVE-2026-48907 is a CVSS 10.0 pre-auth RCE in Joomla Content Editor affecting all versions ≤ 2.9.99.4. The Grayxploit team breaks down the 3-weakness chain — missing auth, no extension validation, and an unsafe upload flag — that lets attackers pop a shell in 3 HTTP requests.
PoC: masta-cve-2026-48907
cve-2026-48907 scanner
Get alerted for CVEs like this
Register your stack and get notified within minutes when a matching CVE drops.
Start monitoring free