Skip to main content

Helix3 Extension For Joomla

1 CVEs product

Monthly

CVE-2026-49049 HIGH POC This Week

Improper access control in the Helix3 template framework extension for Joomla (versions 1.0 through 3.1.1) exposes an AJAX handler task that lets remote unauthenticated attackers delete arbitrary files, write arbitrary JSON files, and modify template parameters. Because the handler performs no authentication or authorization check, an attacker can corrupt site configuration or destroy files without credentials. There is no public exploit identified at time of analysis, but the issue is automatable per CISA SSVC and carries a CVSS 7.5 (High) due to its network-reachable, unauthenticated integrity impact.

Authentication Bypass Helix3 Extension For Joomla
NVD VulDB GitHub
CVSS 3.1
7.5
EPSS
0.2%
EPSS 0% CVSS 7.5
HIGH POC This Week

Improper access control in the Helix3 template framework extension for Joomla (versions 1.0 through 3.1.1) exposes an AJAX handler task that lets remote unauthenticated attackers delete arbitrary files, write arbitrary JSON files, and modify template parameters. Because the handler performs no authentication or authorization check, an attacker can corrupt site configuration or destroy files without credentials. There is no public exploit identified at time of analysis, but the issue is automatable per CISA SSVC and carries a CVSS 7.5 (High) due to its network-reachable, unauthenticated integrity impact.

Authentication Bypass Helix3 Extension For Joomla
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy