What the vulnerability does
01Description
The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
CVSS base score
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/AU:Y/U:Red
What the vulnerability does
The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
Explanation of Vulnerability in Simple Terms
The JoomlaCK.fr Page Builder CK extension for Joomla contains an access control flaw that allows unauthenticated attackers to perform unauthorized actions over the network. The vulnerability affects versions 1.0-3.6.0 and earlier. No patch information is currently available. Site administrators should monitor for updates from the vendor.
What an attacker can do
Perform unauthorized actions on the Joomla site without authentication.
Potential impact on your site
Attackers can modify or access sensitive site data and functionality without logging in.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources