Joomla SP Page Builder RCE
What is the Vulnerability? FortiGuard telemetry shows continued exploitation attempts targeting vulnerable Joomla SP Page Builder installations. CVE-2026-48908 is a critical unauthenticated remote code execution (RCE) vulnerability affecting the SP Page Builder extension for Joomla. The flaw allows attackers to upload arbitrary PHP files through the custom icon upload functionality without authentication, potentially enabling remote…
|
What is the Vulnerability? |
FortiGuard telemetry shows continued exploitation attempts targeting vulnerable Joomla SP Page Builder installations. CVE-2026-48908 is a critical unauthenticated remote code execution (RCE) vulnerability affecting the SP Page Builder extension for Joomla. The flaw allows attackers to upload arbitrary PHP files through the custom icon upload functionality without authentication, potentially enabling remote code execution and full server compromise. Public proof-of-concept (PoC) exploit code is available, and active exploitation has been observed. The sustained increase in weekly exploitation activity indicates ongoing automated scanning campaigns targeting Internet-facing Joomla servers, highlighting the need for immediate patching and monitoring of vulnerable deployments. |
|
What is the recommended Mitigation? |
• Upgrade SP Page Builder to version 6.6.2 or later. |
|
What FortiGuard Coverage is available? |
• FortiGuard Intrusion Prevention System (IPS) protects against exploitation attempts targeting vulnerable SP Page Builder deployments. |
