CVE-2026-21627

Extension - tassos.gr - SQL injection and Unauthenticated File Read in Novarain/Tassos Framework v4.10.14 – v6.0.37 for Joomla

CVSS 9.5 CRITICALEPSS 0.4%CWE-284

The vulnerability was rooted in how the Tassos Framework plugin handled specific AJAX requests through Joomla’s com_ajax entry point. Under certain conditions, internal framework functionality could be invoked without proper restriction.

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Produtos afetados

tassos.gr · Advanced Custom Fields tassos.gr · Convert Forms tassos.gr · EngageBox tassos.gr · Google Structured Data tassos.gr · Novarain/Tassos Framework (plg_system_nrframework)tassos.gr · Smile Pack

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://tassos.gr