Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
2666 articles · 174691 vulns · 37/41 feeds (7d)
← Back to list
—
CVE-2026-48939KEVEXPLOITED
joomla · icagenda

Joomla Extension - icagenda.com - Remote Code Execution in iCaganda extension for Joomla < 4.0.8/3.9.15

Description

A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution.

Affected Products

VendorProductVersions
joomlaicagenda3.2.1-4.0.7

References

  • https://www.icagenda.com/(product)

Related News (2 articles)

Tier D
The Hacker News4h ago
iCagenda and Balbooa Forms Joomla Flaws Reportedly Exploited as Zero-Days
→ No new info (linked only)
Tier C
VulDB22d ago
CVE-2026-48939 | iCagenda Extension up to 3.9.14/4.0.7 on Joomla access control
→ No new info (linked only)
CISA KEV✅ Yes
Actively exploited✅ Yes
CWECWE-434
PublishedJun 20, 2026
Last enriched22d agov2
Trending Score129🔥
Source articles2
Independent2
Info Completeness7/14
Missing: cvss, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

NONECVE-2026-48950EXP
Joomla! Core - [20260704] - XSS in com_templates
Trending: 28
NONECVE-2026-48952EXP
Joomla! Core - [20260706] - XSS in com_installer
Trending: 26
NONECVE-2019-25748EXP
Joomla JHotelReservation 6.0.7 SQL Injection via search-hotels
Trending: 2
NONECVE-2017-20282EXP
Joomla! Component jCart for OpenCart 2.0 SQL Injection
Trending: 2
NONECVE-2017-20273EXP
Joomla Event Registration Pro Calendar 4.1.3 SQL Injection
Trending: 2

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jun 20, 2026
Added to CISA KEV
Jun 20, 2026
Discovered by ZDM
Jun 20, 2026
Updated: severity, activelyExploited
Jun 20, 2026
Actively Exploited
Jul 11, 2026

Version History

v2
Last enriched 22d ago
v2Tier C22d ago

Updated severity to CRITICAL and marked the vulnerability as actively exploited.

severityactivelyExploited
via VulDB
v122d ago

Initial creation