CVE-2026-21625 MEDIUM

CVE-2026-21625: Extension - stackideas.com - Lack of mime type validation in EasyDiscuss component 1.0.0-5.0.15 for Joomla

Vendor Stackideas.com
Product EasyDiscuss extension for Joomla
Weakness CWE-434 · Unrestricted file upload
Published January 16, 2026
Last update January 16, 2026

CVSS base score

4.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L

What the vulnerability does

01Description

User provided uploads to the Easy Discuss component for Joomla aren't properly validated. Uploads are purely checked by file extensions, no mime type checks are happening.

Explanation of Vulnerability in Simple Terms

02Summary

The EasyDiscuss extension for Joomla contains an unrestricted file upload vulnerability. An authenticated user with low privileges can upload files by interacting with the application, potentially allowing them to store malicious files on the server. The impact is limited to the affected component and does not extend to the broader system.

What an attacker can do

03Attacker Capabilities

Upload files to the server without proper validation or restrictions.

Potential impact on your site

04Site Impact

Malicious files could be stored on your server, potentially leading to further compromise if executed or accessed.

Conditions required to exploit

05Prerequisites

Attacker must have a low-privilege Joomla user account and interact with the vulnerable upload feature.

Key dates

06Disclosure timeline

January 16, 2026 CVE published
January 16, 2026 Record updated

Related vulnerabilities

08Related CVE