Arbitrary File Upload in SP Page Builder for Joomla
CVE-2026-48908

10CRITICAL

Key Information:

Vendor

Joomshaper.net

Status
Sp Page Builder Extension For Joomla
Vendor
CVE Published:
20 June 2026

What is CVE-2026-48908?

A vulnerability in the SP Page Builder for Joomla permits unauthenticated users to upload arbitrary files. This weakness can lead to the execution of PHP code, presenting significant security risks for Joomla websites using this extension.

Affected Version(s)

SP Page Builder extension for Joomla 1.0.0-6.6.1

References

https://www.joomshaper.com/page-builder
product

CVSS V4

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Phil Taylor
.