Question 1

What is CVE-2026-49048 — CVE-2026-49048?

Accepted Answer

The Joomla extension JoomCCK exposes a front-end controller task, that builds two SQL statements by directly concatenating a user-supplied request parameter into the query string without escaping or parameterisation.

Question 2

What is the authoritative source for CVE-2026-49048?

Accepted Answer

CVE-2026-49048 (CVE-2026-49048) is catalogued in NVD + CISA KEV + FIRST EPSS and curated for EU compliance use cases by SQUR.

CVE-2026-49048CVE-2026-49048

Description

Scoring