A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code.
[POC] GHSA-3mgp-fx93-9xv5 — CVE-2026-48908
CVE-2026-48908
[POC] GHSA-3mgp-fx93-9xv5 — CVE-2026-48908-PoC
Unauthenticated RCE PoC for CVE-2026-48908 — SP Page Builder for Joomla (≤ 6.6.1): arbitrary file upload via asset.uploadCustomIcon. Self-cleaning, token-guarded. Authorized testing only.
[POC] GHSA-3mgp-fx93-9xv5 — CVE-2026-48908
Unauthenticated RCE PoC for CVE-2026-48908 SP Page Builder (Joomla) arbitrary file upload and remote code execution exploit with mass scaning support.
[POC] GHSA-3mgp-fx93-9xv5 — CVE-2026-48908-SP-Page-Builder-Joomla
CVE-2026-48908 - SP Page Builder Joomla Unauthenticated RCE
[POC] MAL-2026-2307 — CVE-2026-48908
Unauthenticated RCE PoC for CVE-2026-48908 SP Page Builder (Joomla) arbitrary file upload and remote code execution exploit with mass scaning support.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Get alerted for CVEs like this
Register your stack and get notified within minutes when a matching CVE drops.
Start monitoring free