CVE-2026-48908
JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability
⚠ KEVEPSS 0.80%
Description
JoomShaper SP Page Builder contains an unrestricted upload of file with dangerous type vulnerability that allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code.
How to fix CVE-2026-48908
No package mapping is available — consult the references below for vendor-specific guidance.
Is CVE-2026-48908 being exploited?
Yes — CVE-2026-48908 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.
Affected packages (0)
No package mapping in OSV.