joomcoder.com CVE debriefs

CVE-2026-49048

The Joomla extension JoomCCK is vulnerable to SQL injection. A front-end controller task directly concatenates a user-supplied request parameter into the query string without proper escaping or parameterization. This issue allows attackers to inject malicious SQL code. The CVE was published on June 28, 2026, and no additional information has been provided. Users of JoomCCK should review their installation [truncated]