Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Unauthenticated network endpoint with no UI gives AV:N/AC:L/PR:N/UI:N; arbitrary file write/param change yields I:H, and arbitrary file deletion adds limited availability impact (A:L), no confidentiality.
Primary rating from Vendor (Joomla).
CVSS VectorVendor: Joomla
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
3DescriptionCVE.org
The Helix3 plugin for Joomla exposes an ajax handler task, that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files and update template parameters.
AnalysisAI
Improper access control in the Helix3 template framework extension for Joomla (versions 1.0 through 3.1.1) exposes an AJAX handler task that lets remote unauthenticated attackers delete arbitrary files, write arbitrary JSON files, and modify template parameters. Because the handler performs no authentication or authorization check, an attacker can corrupt site configuration or destroy files without credentials. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The target must be a Joomla site running the Helix3 extension version 1.0 through 3.1.1 with the vulnerable AJAX handler task reachable over HTTP/HTTPS. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N, score 7.5) and the description agree: this is network-reachable, low-complexity, and requires no privileges or user interaction, with high integrity impact and no stated confidentiality or availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker sends a crafted HTTP request to the exposed Helix3 AJAX task endpoint on a public Joomla site, with no login required, invoking the file-write or file-delete operation. They overwrite template parameter JSON to alter site behavior or delete critical files to deface or disrupt the site. … |
| Remediation | No vendor-released patch version is identified in the available data; affected versions are listed as 1.0 through 3.1.1, which implies a fixed release likely exists above 3.1.1, but no exact patched version is confirmed here, so upgrade to the latest Helix3 build published by JoomShaper and confirm the fix version directly with the vendor at https://www.joomshaper.com/ before relying on it. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Audit all Joomla instances for Helix3 extension versions 1.0-3.1.1; disable the extension if business-critical functions do not depend on it, or restrict access to the AJAX handler via firewall or WAF rules. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40122
GHSA-xr7r-292v-jxg8