Back to overview

CVE-2026-60025

Description
The Joomla extension Events Booking prior version 5.8.0 had an frontend file upload endpoint that lacked CSRF protection.

Metadata

CVE ID
CVE-2026-60025
State
PUBLISHED
Assigner
Joomla
Reserved
2026-07-08 05:31 UTC
Published
2026-07-17 15:44 UTC
Last updated
2026-07-17 15:44 UTC
Primary CWE
CWE-352
CWE-352 Cross-Site Request Forgery (CSRF)
Vendor / Product
joomdonation.com / Events Booking extension for Joomla
Sources
cve.org  ·  NVD

Severity & Metrics

No CVSS data available.

Affected products (1)
VendorProductPlatformVersions
joomdonation.com Events Booking extension for Joomla 1.0-5.8.0
Weakness (CWE)
CWESourceDescription
CWE-352 cna CWE-352 Cross-Site Request Forgery (CSRF)
Back to overview