What the vulnerability does
01Description
The Joomla extension Helix Ultimate is vulnerable to an unauthenticated arbitrary file deletion.
CVSS base score
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
What the vulnerability does
The Joomla extension Helix Ultimate is vulnerable to an unauthenticated arbitrary file deletion.
Explanation of Vulnerability in Simple Terms
The Helix Ultimate extension for Joomla is missing authorization checks that allow unauthenticated attackers to modify site data over the network. An attacker can change or delete content without needing valid credentials or user interaction. This affects versions 1.0 through 2.2.6. Site administrators should update to a version newer than 2.2.6 as soon as possible.
What an attacker can do
Modify or delete site data without logging in.
Potential impact on your site
Attackers can alter or remove your site content, pages, and settings without your knowledge or permission.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities