PT-2026-56808 · Joomla · Acymailing
Phil Taylor
·
Published
2026-07-09
·
Updated
2026-07-09
·
CVE-2026-56292
CVSS v4.0
9.2
Critical
| Vector | AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:H/SI:H/SA:H |
Name of the Vulnerable Software and Affected Versions
AcyMailing versions prior to 10.11.1
Description
An unauthenticated SQL injection flaw exists in the AcyMailing component for Joomla. This issue allows a remote attacker to execute crafted SQL queries to gain unauthorized access to the database, potentially leading to the leakage of sensitive information such as password hashes, personal data, and general content.
Recommendations
Update AcyMailing to version 10.11.1.
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Acymailing