CVE-2026-60024 PUBLISHED

Joomla Extension - joomdonation.com - Insecure default configuration Events Booking < 5.8.0

Assigner: Joomla
Reserved: 08.07.2026 Published: 17.07.2026 Updated: 17.07.2026

The Joomla extension Events Booking prior version 5.8.0 did by default allow unauthenticated users to upload media assets.

Product Status

Vendor joomdonation.com
Product Events Booking extension for Joomla
Versions Default: unaffected
  • Version 1.0-5.8.0 is affected

Credits

  • Phil Taylor finder

References

Problem Types

  • CWE-1188: Initialization of a Resource with an Insecure Default CWE