EUVD-2026-32162
GHSA-wfvx-j6wj-x7w9
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H/AU:Y
Lifecycle Timeline
1DescriptionNVD
The vulnerability in the Tassos Framework Plugin allows users to delete arbitrary files on the affected sites.
AnalysisAI
Arbitrary file deletion in the Novarain/Tassos Framework system plugin (plg_system_nrframework) and the suite of Tassos.gr Joomla extensions that bundle it lets remote unauthenticated attackers delete arbitrary files on affected sites. The CVSS 4.0 vector (PR:N/UI:N) and the 'Authentication Bypass' tag indicate no credentials or interaction are needed, and the high integrity/availability impact reflects that deleting core files such as Joomla's configuration.php can lead to denial of service or site takeover. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Audit all Joomla installations to identify systems running plg_system_nrframework or Tassos.gr extensions; document affected versions and server locations. Within 7 days: Disable or remove the affected plugin from all instances; apply compensating controls (firewall rules, file permissions); verify deletion capability is blocked. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today