Arbitrary file upload in Balbooa.com Balbooa Forms Extension For Joomla
CVE-2026-56291
The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
Vulnerability class: Unrestricted File Upload
Affected products
- Balbooa.com Balbooa Forms Extension For Joomla — versions 1.0-2.4.0
Weakness classification (CWE)
References
- security@joomla.org (product)
- security@joomla.org (third-party-advisory)