CVE-2026-49048
CRITICAL NVDCVSS Score
9.8
Severity
CRITICAL
Source
NVD
Published
Jun 28, 2026
Description
The Joomla extension JoomCCK exposes a front-end controller task, that builds two SQL statements by directly concatenating a user-supplied request parameter into the query string without escaping or parameterisation.