CVE-2026-48909
Vulnerability Description
SP LMS (com_splms) < 4.1.4 by JoomShaper deserializes user-controlled cookie data without validation, enabling an unauthenticated remote attacker to execute arbitrary code on the server.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-502
Source
NVD
Vendor
joomshaper.net
Product
SP LMS extension for Joomla
Discussion (0)
Add Comment
No comments yet. Be the first!