CVE Details

CVE-2026-48908 JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability
Published: 2026-07-07 CVSS: 10 CRITICAL Product: JoomShaper SP Page Builder Due Date: 2026-07-10

JoomShaper SP Page Builder contains an unrestricted upload of file with dangerous type vulnerability that allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code.

GitHub PoC

Warning: GitHub PoC repositories are unverified. Some may be fake or contain malware. Use caution and review code before running anything.
  • papageo75/CVE-2026-48908-PoC • ⭐ 12 • 2026-06-22 • Conf: 99.0%
  • Unauthenticated RCE PoC for CVE-2026-48908 — SP Page Builder for Joomla (≤ 6.6.1): arbitrary file upload via asset.uploadCustomIcon. Self-cleaning, token-guarded. Authorized testing only.
  • gagaltotal/CVE-2026-48908-SP-Page-Builder-Joomla • ⭐ 0 • 2026-06-24 • Conf: 95.0%
  • CVE-2026-48908 - SP Page Builder Joomla Unauthenticated RCE
  • Jenderal92/CVE-2026-48908 • ⭐ 0 • 2026-07-07 • Conf: 93.0%
  • CVE-2026-48908 — PoC exploit for unauthenticated RCE in SP Page Builder (Joomla) via arbitrary file upload. Multi‑threaded, case‑bypass, shell verification. For authorized security testing only.

FIRST EPSS

EPSS estimates the probability of exploitation in the next 30 days. Higher values indicate higher likelihood of real-world exploitation.

Timeline

CVE Stalker KEV MITRE GitHub FIRST (EPSS)

MITRE

CVSS

  • Score: 10
  • Severity: CRITICAL
  • Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/AU:Y/U:Red

SSVC

  • Exploitation: active
  • Automatable: yes
  • Technical Impact: total

References

Show Raw Data
Key Remaining Key Value
dataType CVE_RECORD
dataVersion 5.2
cveMetadata > cveId CVE-2026-48908
cveMetadata > assignerOrgId 6ff30186-7fb7-4ad9-be33-533e7b05e586
cveMetadata > state PUBLISHED
cveMetadata > assignerShortName Joomla
cveMetadata > dateReserved 2026-05-26T10:06:17.657Z
cveMetadata > datePublished 2026-06-20T11:57:00.501Z
cveMetadata > dateUpdated 2026-07-07T17:54:16.964Z
containers > cna > affected > 0 > defaultStatus unaffected
containers > cna > affected > 0 > product SP Page Builder extension for Joomla
containers > cna > affected > 0 > vendor joomshaper.net
containers > cna > affected > 0 > versions > 0 > status affected
containers > cna > affected > 0 > versions > 0 > version 1.0.0-6.6.1
containers > cna > credits > 0 > lang en
containers > cna > credits > 0 > type finder
containers > cna > credits > 0 > value Phil Taylor
containers > cna > descriptions > 0 > lang en
containers > cna > descriptions > 0 > supportingMedia > 0 > base64 False
containers > cna > descriptions > 0 > supportingMedia > 0 > type text/html
containers > cna > descriptions > 0 > supportingMedia > 0 > value A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code.
containers > cna > descriptions > 0 > value A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code.
containers > cna > impacts > 0 > capecId CAPEC-242
containers > cna > impacts > 0 > descriptions > 0 > lang en
containers > cna > impacts > 0 > descriptions > 0 > value CAPEC-242: Code Injection
containers > cna > metrics > 0 > cvssV4_0 > Automatable YES
containers > cna > metrics > 0 > cvssV4_0 > Recovery NOT_DEFINED
containers > cna > metrics > 0 > cvssV4_0 > Safety NOT_DEFINED
containers > cna > metrics > 0 > cvssV4_0 > attackComplexity LOW
containers > cna > metrics > 0 > cvssV4_0 > attackRequirements NONE
containers > cna > metrics > 0 > cvssV4_0 > attackVector NETWORK
containers > cna > metrics > 0 > cvssV4_0 > baseScore 10
containers > cna > metrics > 0 > cvssV4_0 > baseSeverity CRITICAL
containers > cna > metrics > 0 > cvssV4_0 > exploitMaturity ATTACKED
containers > cna > metrics > 0 > cvssV4_0 > privilegesRequired NONE
containers > cna > metrics > 0 > cvssV4_0 > providerUrgency RED
containers > cna > metrics > 0 > cvssV4_0 > subAvailabilityImpact HIGH
containers > cna > metrics > 0 > cvssV4_0 > subConfidentialityImpact HIGH
containers > cna > metrics > 0 > cvssV4_0 > subIntegrityImpact HIGH
containers > cna > metrics > 0 > cvssV4_0 > userInteraction NONE
containers > cna > metrics > 0 > cvssV4_0 > valueDensity NOT_DEFINED
containers > cna > metrics > 0 > cvssV4_0 > vectorString CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/AU:Y/U:Red
containers > cna > metrics > 0 > cvssV4_0 > version 4.0
containers > cna > metrics > 0 > cvssV4_0 > vulnAvailabilityImpact HIGH
containers > cna > metrics > 0 > cvssV4_0 > vulnConfidentialityImpact HIGH
containers > cna > metrics > 0 > cvssV4_0 > vulnIntegrityImpact HIGH
containers > cna > metrics > 0 > cvssV4_0 > vulnerabilityResponseEffort NOT_DEFINED
containers > cna > metrics > 0 > format CVSS
containers > cna > metrics > 0 > scenarios > 0 > lang en
containers > cna > metrics > 0 > scenarios > 0 > value GENERAL
containers > cna > problemTypes > 0 > descriptions > 0 > cweId CWE-434
containers > cna > problemTypes > 0 > descriptions > 0 > description CWE-434: Unrestricted Upload of File with Dangerous Type
containers > cna > problemTypes > 0 > descriptions > 0 > lang en
containers > cna > problemTypes > 0 > descriptions > 0 > type CWE
containers > cna > providerMetadata > orgId 6ff30186-7fb7-4ad9-be33-533e7b05e586
containers > cna > providerMetadata > shortName Joomla
containers > cna > providerMetadata > dateUpdated 2026-07-05T14:28:47.097Z
containers > cna > references > 0 > tags > 0 product
containers > cna > references > 0 > url https://www.joomshaper.com/page-builder
containers > cna > source > discovery UNKNOWN
containers > cna > title Joomla Extension - joomshaper.com - Remote Code Execution in SP Pagebuilder extension for Joomla < 6.6.2
containers > cna > x_generator > engine Vulnogram 0.1.0-dev
containers > adp > 0 > metrics > 0 > other > type ssvc
containers > adp > 0 > metrics > 0 > other > content > id CVE-2026-48908
containers > adp > 0 > metrics > 0 > other > content > role CISA Coordinator
containers > adp > 0 > metrics > 0 > other > content > options > 0 > Exploitation active
containers > adp > 0 > metrics > 0 > other > content > options > 1 > Automatable yes
containers > adp > 0 > metrics > 0 > other > content > options > 2 > Technical Impact total
containers > adp > 0 > metrics > 0 > other > content > version 2.0.3
containers > adp > 0 > metrics > 0 > other > content > timestamp 2026-07-07T17:45:05.067417Z
containers > adp > 0 > references > 0 > url https://mysites.guru/blog/sp-page-builder-zero-day-uploadcustomicon-rce/
containers > adp > 0 > references > 0 > tags > 0 third-party-advisory
containers > adp > 0 > references > 1 > url https://www.joomshaper.com/forum/question/45152
containers > adp > 0 > references > 1 > tags > 0 vendor-advisory
containers > adp > 0 > references > 2 > url https://extensions.joomla.org/extension/sp-page-builder/
containers > adp > 0 > references > 2 > tags > 0 patch
containers > adp > 0 > references > 3 > url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-48908
containers > adp > 0 > references > 3 > tags > 0 government-resource
containers > adp > 0 > title CISA ADP Vulnrichment
containers > adp > 0 > providerMetadata > orgId 134c704f-9b21-4f2e-91b3-4a467353bcc0
containers > adp > 0 > providerMetadata > shortName CISA-ADP
containers > adp > 0 > providerMetadata > dateUpdated 2026-07-07T17:54:16.964Z