SQL Injection Vulnerability in AcyMailing for Joomla
CVE-2026-56292

9.2CRITICAL

What is CVE-2026-56292?

A SQL injection vulnerability exists in the AcyMailing component for Joomla versions earlier than 10.11.1. This security flaw allows attackers to execute arbitrary SQL queries, potentially leading to unauthorized access to sensitive database information and exposing user data. It is crucial for Joomla users employing AcyMailing to update to the latest version to mitigate risks of exploitation.

Affected Version(s)

acymailing.com AcyMailing extension for Joomla 1.0-10.11.0

References

CVSS V4

Score:
9.2
Severity:
CRITICAL
Confidentiality:
High
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Phil Taylor
.