All intelligence
// vulnerability record
cached · NVD via COSMOS syncCVE-2026-49048
NONEpublished 2026-06-28 19:16 UTC · 22 hours ago
CVSS / 10
// description
The Joomla extension JoomCCK exposes a front-end controller task, that builds two SQL statements by directly concatenating a user-supplied request parameter into the query string without escaping or parameterisation.
// weaknesses (CWE)
- CWE-89