What the vulnerability does
01Description
The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
CVSS base score
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/AU:Y/U:Red
What the vulnerability does
The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
Explanation of Vulnerability in Simple Terms
The Balbooa Forms extension for Joomla contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files to the server over the network. An attacker can exploit this to upload malicious files, potentially gaining control of the site. No user interaction is required to trigger the vulnerability.
What an attacker can do
Upload arbitrary files to the server without authentication, potentially executing malicious code.
Potential impact on your site
An attacker can upload and execute malicious files, compromising your entire Joomla installation and hosted data.
Conditions required to exploit
Network access to the Joomla site; no authentication or user interaction required.
CISA mandated remediation
Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
Key dates
External resources
Related vulnerabilities