SQL Injection in Joomcoder.com Joomcck Extension For Joomla
CVE-2026-49048
The Joomla extension JoomCCK exposes a front-end controller task, that builds two SQL statements by directly concatenating a user-supplied request parameter into the query string without escaping or parameterisation.
Vulnerability class: SQL Injection
Affected products
- Joomcoder.com Joomcck Extension For Joomla — versions 1.0-6.4.0
Weakness classification (CWE)
References
- security@joomla.org (product)