CISA Warns of Attacks Exploiting Joomla Extension Vulnerabilities

Photo: BleepingComputer
Quick answer
Hackers are actively exploiting critical remote code execution (RCE) vulnerabilities in Joomla extensions iCagenda and Balbooa Forms. CISA warns of the threat and urges immediate software updates to mitigate risks.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency warning about critical vulnerabilities in two popular Joomla CMS extensions—iCagenda and Balbooa Forms. According to the report, these flaws allow attackers to upload arbitrary files to the server and execute remote code (RCE), enabling full system compromise.
Security experts confirm that these vulnerabilities are already being actively exploited in real-world attacks. Hackers are bypassing file upload verification mechanisms to inject malicious code. Joomla site owners are strongly advised to update vulnerable components to the latest versions, as patches for these flaws are now available.
In addition to updates, experts recommend conducting a security audit of websites, especially those using the affected extensions. At risk are not only corporate resources but also e-commerce stores, blogs, and other projects built on Joomla. Failure to take timely action could result in data leaks, site defacement, or servers being hijacked for cyberattacks.
Common questions
- What vulnerabilities have been discovered in Joomla extensions?
- The iCagenda and Balbooa Forms plugins contain flaws that allow arbitrary file uploads and remote code execution (RCE) on the server. These vulnerabilities are already being exploited by attackers.
- How can I protect my Joomla site from these attacks?
- Update the vulnerable extensions to the latest versions immediately. Additionally, audit your server logs for suspicious activity and enhance security monitoring.
- What are the risks of exploiting these vulnerabilities?
- Attackers could gain full control over the website, steal user data, or misuse server resources for further attacks, such as malware distribution.
Dzen feed: /feed/dzen.xml · RSS: /feed.xml