CVE lookup
CVE-2026-48908
Pruva has a verified reproduction for CVE-2026-48908: SP Page Builder for Joomla allows unauthenticated arbitrary file upload via asset.uploadCustomIcon, enabling PHP upload and remote code execution.. The canonical evidence record is REPRO-2026-00269.
REPRO
REPRO-2026-00269
Package
SP Page Builder (com_sppagebuilder) · Joomla extension
Severity
CRITICAL
Status
published