PatchSiren cyber security CVE debrief
CVE-2026-60024 joomdonation.com CVE debrief
The Joomla extension Events Booking prior version 5.8.0 did by default allow unauthenticated users to upload media assets. This CVE record was published on 2026-07-17T16:17:16.113Z and has not been modified since then. The vulnerability affects Joomla Events Booking extension, allowing unauthenticated users to upload media assets by default, potentially leading to malicious asset uploads.
- Vendor
- joomdonation.com
- Product
- Events Booking extension for Joomla
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-17
- Original CVE updated
- 2026-07-17
- Advisory published
- 2026-07-17
- Advisory updated
- 2026-07-17
Who should care
Users of Joomla Events Booking extension prior to version 5.8.0, operators, platform administrators, vulnerability management teams, and security teams should review and update their installations to prevent potential media asset uploads by unauthenticated users. They should also monitor for suspicious media asset uploads and review compensating controls for exposed systems.
Technical summary
The Events Booking extension for Joomla, prior to version 5.8.0, allowed unauthenticated users to upload media assets by default. This vulnerability could potentially be exploited to upload malicious assets, impacting the security of Joomla installations. Users of the extension should review and update their installations to prevent potential security risks.
Defensive priority
Medium
Recommended defensive actions
- Review and update Joomla Events Booking extension to version 5.8.0 or later
- Restrict media asset uploads to authenticated users
- Monitor for suspicious media asset uploads
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
Evidence notes
The CVE record and NVD entry provide limited information about the vulnerability. Further investigation and verification are necessary to fully understand the impact and scope of this vulnerability. The source details are limited, and defenders should verify the affected scope, severity, and vendor guidance. The CVE record was published on 2026-07-17T16:17:16.113Z and has not been modified since then.
Official resources
-
CVE-2026-60024 CVE record
CVE.org
-
CVE-2026-60024 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T16:17:16.113Z and has not been modified since then.