CVE-2026-60025 PUBLISHED

Joomla Extension - joomdonation.com - User enumeration in Events Booking < 5.8.0

Assigner: Joomla
Reserved: 08.07.2026 Published: 17.07.2026 Updated: 17.07.2026

The Joomla extension Events Booking prior version 5.8.0 had an frontend file upload endpoint that lacked CSRF protection.

Product Status

Vendor joomdonation.com
Product Events Booking extension for Joomla
Versions Default: unaffected
  • Version 1.0-5.8.0 is affected

Credits

  • Phil Taylor finder

References

Problem Types

  • CWE-352 Cross-Site Request Forgery (CSRF) CWE