Skip to main content

Balbooa Com Balbooa Forms Extension For Joomla

1 CVEs product

Monthly

CVE-2026-56291 CRITICAL POC KEV THREAT NEWS Emergency

Unauthenticated arbitrary file upload in the Balbooa Forms extension for Joomla lets remote attackers upload executable server-side scripts and achieve full remote code execution. The flaw carries a maximum CVSS 4.0 base score of 10.0 with a scope change, meaning a successful upload compromises the underlying host beyond the vulnerable extension. No public exploit identified at time of analysis, though a third-party write-up (mysites.guru) documents the flaw and the supplied CVSS metadata asserts observed attack activity.

File Upload Balbooa Com Balbooa Forms Extension For Joomla
NVD VulDB GitHub
CVSS 4.0
10.0
EPSS
0.3%
Threat
5.0
EPSS 0% 5.0 CVSS 10.0
CRITICAL POC KEV THREAT Emergency

Unauthenticated arbitrary file upload in the Balbooa Forms extension for Joomla lets remote attackers upload executable server-side scripts and achieve full remote code execution. The flaw carries a maximum CVSS 4.0 base score of 10.0 with a scope change, meaning a successful upload compromises the underlying host beyond the vulnerable extension. No public exploit identified at time of analysis, though a third-party write-up (mysites.guru) documents the flaw and the supplied CVSS metadata asserts observed attack activity.

File Upload Balbooa Com Balbooa Forms Extension For Joomla
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy