CVE-2026-48939

UNKNOWN 0.0

Joomla Extension - icagenda.com - Remote Code Execution in iCaganda extension for Joomla < 4.0.8/3.9.15

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution.

CWE	CWE-284
Vendor	icagenda.com
Product	icagenda extension for joomla
Published	Jun 20, 2026

Stay Ahead of the Next One

Get instant alerts for icagenda.com icagenda extension for joomla

Be the first to know when new unknown vulnerabilities affecting icagenda.com icagenda extension for joomla are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

icagenda.com / iCagenda extension for Joomla

1.0.0-3.9.14 4.0.0-4.0.7

References

NVD ↗ CVE.org ↗ EPSS Data ↗

icagenda.com: https://www.icagenda.com/

Credits

Phil Taylor