CVE-2026-49048

CVE-2026-49048: Joomla Extension - joomcoder.com - Unauthenticated SQL Injection in JoomCCK extension for Joomla < 6.4.1

Vendor: Joomcoder.com
Product: JoomCCK extension for Joomla
Weakness: CWE-89 · SQLi
Published: June 28, 2026
Last update: June 29, 2026

CVSS base score

What the vulnerability does

Description

The Joomla extension JoomCCK exposes a front-end controller task that builds two SQL statements by concatenating a user-supplied request parameter directly into the query string, without escaping or parameterisation.

Key dates

Disclosure timeline

June 28, 2026: CVE published
June 29, 2026: Record updated