RCE in Joomdonation.com Events Booking Extension For Joomla
CVE-2026-60024
The Joomla extension Events Booking prior version 5.8.0 did by default allow unauthenticated users to upload media assets.
Affected products
- Joomdonation.com Events Booking Extension For Joomla — versions 1.0-5.8.0
Weakness classification (CWE)
References
- security@joomla.org (product)