Balbooa Com Balbooa Forms Extension For Joomla
Monthly
Unauthenticated arbitrary file upload in the Balbooa Forms extension for Joomla lets remote attackers upload executable server-side scripts and achieve full remote code execution. The flaw carries a maximum CVSS 4.0 base score of 10.0 with a scope change, meaning a successful upload compromises the underlying host beyond the vulnerable extension. No public exploit identified at time of analysis, though a third-party write-up (mysites.guru) documents the flaw and the supplied CVSS metadata asserts observed attack activity.
Unauthenticated arbitrary file upload in the Balbooa Forms extension for Joomla lets remote attackers upload executable server-side scripts and achieve full remote code execution. The flaw carries a maximum CVSS 4.0 base score of 10.0 with a scope change, meaning a successful upload compromises the underlying host beyond the vulnerable extension. No public exploit identified at time of analysis, though a third-party write-up (mysites.guru) documents the flaw and the supplied CVSS metadata asserts observed attack activity.