Impact
A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, which the application then executes as PHP. The description explicitly states that arbitrary files can be uploaded and run as PHP. It is inferred that the upload mechanism accepts files without validating type or enforcing access controls, because no such restrictions are mentioned. As a result, an attacker can deliver malicious PHP that is executed by the Joomla site, giving them complete control over the web application environment.
Affected Systems
SP Page Builder extension for Joomla from joomshaper.net is vulnerable in all versions less than 6.6.2. Any Joomla site using the extension without upgrading to 6.6.2 or later is at risk.
Risk and Exploitability
The CVSS score of 10 indicates an extremely severe flaw. The EPSS score of 1% indicates a very low but nonzero probability of exploitation. Because the flaw allows unauthenticated uploads with no file type checks, the attack path appears straightforward: an attacker can send a crafted request to the extension’s upload endpoint, place a PHP file in the upload directory, and have it executed. This is inferred from the description and the lack of stated authentication. The vulnerability is listed in CISA KEV.
OpenCVE Enrichment