The Joomla extension Events Booking prior version 5.8.0 did by default allow unauthenticated users to upload media assets. This CVE record was published on 2026-07-17T16:17:16.113Z and has not been modified since then. The vulnerability affects Joomla Events Booking extension, allowing unauthenticated users to upload media assets by default, potentially leading to malicious asset uploads.
The Joomla extension Events Booking is vulnerable to an unauthenticated user enumeration, allowing attackers to retrieve account usernames and email addresses. This CVE was published on 2026-07-17T16:17:16.017Z. The vulnerability affects users of the Events Booking extension, and they should verify their installations and update to a patched version if available. The NVD entry for this CVE is currently De [truncated]