CVE Details

CVE-2026-48939 iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability
Published: 2026-07-10 CVSS: 10 CRITICAL Product: iCagenda iCagenda Due Date: 2026-07-13

iCagenda contains an unrestricted upload of file with dangerous type vulnerability that allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution.

GitHub PoC

Warning: GitHub PoC repositories are unverified. Some may be fake or contain malware. Use caution and review code before running anything.

FIRST EPSS

EPSS estimates the probability of exploitation in the next 30 days. Higher values indicate higher likelihood of real-world exploitation.

Timeline

CVE Stalker KEV MITRE GitHub FIRST (EPSS)

MITRE

CVSS

  • Score: 10
  • Severity: CRITICAL
  • Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/AU:Y/U:Red

SSVC

  • Exploitation: poc
  • Automatable: yes
  • Technical Impact: total

References

Show Raw Data
Key Remaining Key Value
dataType CVE_RECORD
dataVersion 5.2
cveMetadata > cveId CVE-2026-48939
cveMetadata > assignerOrgId 6ff30186-7fb7-4ad9-be33-533e7b05e586
cveMetadata > state PUBLISHED
cveMetadata > assignerShortName Joomla
cveMetadata > dateReserved 2026-05-26T16:47:13.549Z
cveMetadata > datePublished 2026-06-20T11:56:50.752Z
cveMetadata > dateUpdated 2026-07-05T14:29:56.926Z
containers > cna > affected > 0 > defaultStatus unaffected
containers > cna > affected > 0 > product iCagenda extension for Joomla
containers > cna > affected > 0 > vendor icagenda.com
containers > cna > affected > 0 > versions > 0 > status affected
containers > cna > affected > 0 > versions > 0 > version 3.2.1-4.0.7
containers > cna > credits > 0 > lang en
containers > cna > credits > 0 > type finder
containers > cna > credits > 0 > value Phil Taylor
containers > cna > descriptions > 0 > lang en
containers > cna > descriptions > 0 > supportingMedia > 0 > base64 False
containers > cna > descriptions > 0 > supportingMedia > 0 > type text/html
containers > cna > descriptions > 0 > supportingMedia > 0 > value A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution.
containers > cna > descriptions > 0 > value A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution.
containers > cna > impacts > 0 > capecId CAPEC-242
containers > cna > impacts > 0 > descriptions > 0 > lang en
containers > cna > impacts > 0 > descriptions > 0 > value CAPEC-242: Code Injection
containers > cna > metrics > 0 > cvssV4_0 > Automatable YES
containers > cna > metrics > 0 > cvssV4_0 > Recovery NOT_DEFINED
containers > cna > metrics > 0 > cvssV4_0 > Safety NOT_DEFINED
containers > cna > metrics > 0 > cvssV4_0 > attackComplexity LOW
containers > cna > metrics > 0 > cvssV4_0 > attackRequirements NONE
containers > cna > metrics > 0 > cvssV4_0 > attackVector NETWORK
containers > cna > metrics > 0 > cvssV4_0 > baseScore 10
containers > cna > metrics > 0 > cvssV4_0 > baseSeverity CRITICAL
containers > cna > metrics > 0 > cvssV4_0 > exploitMaturity ATTACKED
containers > cna > metrics > 0 > cvssV4_0 > privilegesRequired NONE
containers > cna > metrics > 0 > cvssV4_0 > providerUrgency RED
containers > cna > metrics > 0 > cvssV4_0 > subAvailabilityImpact HIGH
containers > cna > metrics > 0 > cvssV4_0 > subConfidentialityImpact HIGH
containers > cna > metrics > 0 > cvssV4_0 > subIntegrityImpact HIGH
containers > cna > metrics > 0 > cvssV4_0 > userInteraction NONE
containers > cna > metrics > 0 > cvssV4_0 > valueDensity NOT_DEFINED
containers > cna > metrics > 0 > cvssV4_0 > vectorString CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/AU:Y/U:Red
containers > cna > metrics > 0 > cvssV4_0 > version 4.0
containers > cna > metrics > 0 > cvssV4_0 > vulnAvailabilityImpact HIGH
containers > cna > metrics > 0 > cvssV4_0 > vulnConfidentialityImpact HIGH
containers > cna > metrics > 0 > cvssV4_0 > vulnIntegrityImpact HIGH
containers > cna > metrics > 0 > cvssV4_0 > vulnerabilityResponseEffort NOT_DEFINED
containers > cna > metrics > 0 > format CVSS
containers > cna > metrics > 0 > scenarios > 0 > lang en
containers > cna > metrics > 0 > scenarios > 0 > value GENERAL
containers > cna > problemTypes > 0 > descriptions > 0 > cweId CWE-434
containers > cna > problemTypes > 0 > descriptions > 0 > description CWE-434: Unrestricted Upload of File with Dangerous Type
containers > cna > problemTypes > 0 > descriptions > 0 > lang en
containers > cna > problemTypes > 0 > descriptions > 0 > type CWE
containers > cna > providerMetadata > orgId 6ff30186-7fb7-4ad9-be33-533e7b05e586
containers > cna > providerMetadata > shortName Joomla
containers > cna > providerMetadata > dateUpdated 2026-07-05T14:29:56.926Z
containers > cna > references > 0 > tags > 0 product
containers > cna > references > 0 > url https://www.icagenda.com/
containers > cna > source > discovery UNKNOWN
containers > cna > title Joomla Extension - icagenda.com - Remote Code Execution in iCaganda extension for Joomla < 4.0.8/3.9.15
containers > cna > x_generator > engine Vulnogram 0.1.0-dev
containers > adp > 0 > references > 0 > url https://mysites.guru/blog/icagenda-zero-day-file-upload-rce/
containers > adp > 0 > references > 0 > tags > 0 third-party-advisory
containers > adp > 0 > references > 1 > url https://www.icagenda.com/docs/changelog/icagenda-3-9-15
containers > adp > 0 > references > 1 > tags > 0 patch
containers > adp > 0 > references > 2 > url https://www.icagenda.com/docs/changelog/icagenda-4-0-8
containers > adp > 0 > references > 2 > tags > 0 patch
containers > adp > 0 > references > 3 > url https://github.com/Polosss/By-Poloss..-..CVE-2026-48939
containers > adp > 0 > references > 3 > tags > 0 exploit
containers > adp > 0 > metrics > 0 > other > type ssvc
containers > adp > 0 > metrics > 0 > other > content > timestamp 2026-06-24T00:00:00+00:00
containers > adp > 0 > metrics > 0 > other > content > options > 0 > Exploitation poc
containers > adp > 0 > metrics > 0 > other > content > options > 1 > Automatable yes
containers > adp > 0 > metrics > 0 > other > content > options > 2 > Technical Impact total
containers > adp > 0 > metrics > 0 > other > content > role CISA Coordinator
containers > adp > 0 > metrics > 0 > other > content > version 2.0.3
containers > adp > 0 > metrics > 0 > other > content > id CVE-2026-48939
containers > adp > 0 > title CISA ADP Vulnrichment
containers > adp > 0 > providerMetadata > orgId 134c704f-9b21-4f2e-91b3-4a467353bcc0
containers > adp > 0 > providerMetadata > shortName CISA-ADP
containers > adp > 0 > providerMetadata > dateUpdated 2026-07-03T03:55:16.003Z