Loading market data...
← Back to CVE feed

CVE-2026-48909

UNKNOWN View on NVD ↗

Description

SP LMS (com_splms) < 4.1.4 by JoomShaper deserializes user-controlled cookie data without validation, enabling an unauthenticated remote attacker to execute arbitrary code on the server.

Published: Jun 20, 2026 13:16 UTC Modified: Jun 20, 2026 13:16 UTC