SQL Injection in Joomla Extension Affects JoomCCK by JoomCoder
CVE-2026-49048

Currently unrated

Key Information:

Vendor: Joomcoder.com
Status: Joomcck Extension For Joomla
Vendor: CVE Published:; 28 June 2026

🔔 Create Joomcoder.com Vulnerability Alert

What is CVE-2026-49048?

The JoomCCK extension for Joomla is vulnerable to SQL injection due to improper handling of user-supplied input. A front-end controller task concatenates user parameters directly into SQL queries without utilizing proper escaping or parameterization techniques. This flaw allows attackers to craft malicious requests that can manipulate the database, potentially leading to unauthorized data disclosure or manipulation.

Affected Version(s)

JoomCCK extension for Joomla 1.0-6.4.0

References

https://www.joomcoder.com/

product

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 28, 2026
Vulnerability Reserved
May 27, 2026

Credit

Kamil Soltanov

CVE-2026-49048 Data

JSON