The Helix3 plugin for Joomla exposes an ajax handler task, that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files and update template parameters.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
| Link | Providers |
|---|---|
| https://www.joomshaper.com/ |
|
History
Wed, 01 Jul 2026 10:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Joomshaper
Joomshaper helix3 Extension For Joomla |
|
| Vendors & Products |
Joomshaper
Joomshaper helix3 Extension For Joomla |
Mon, 29 Jun 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
Mon, 29 Jun 2026 15:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The Helix3 plugin for Joomla exposes an ajax handler task, that allows unauthenticated attackers to delete arbitrary files, write arbitrary JSON files and update template parameters. | |
| Title | Joomla Extension - joomshaper.com - Unauthenticated access to Helix3 template ajax handler | |
| Weaknesses | CWE-284 | |
| References |
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: Joomla
Published:
Updated: 2026-07-05T14:29:38.297Z
Reserved: 2026-05-27T09:16:31.897Z
Link: CVE-2026-49049
Updated: 2026-06-29T15:27:37.045Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-01T10:04:22Z
Weaknesses