VERKLAREN niet mogelijk voor zoekopdracht: UPDATE `hmclx_extensions`
SET `params` = '{\"htp_shield\":{\"site_path\":\"\",\"sef_rules\":1,\"api_router\":1,\"api_mode\":\"route\",\"fastcgi_auth\":1,\"apache_options\":1,\"follow_symlink\":0,\"force_https\":1,\"www_mode\":0,\"canonical_host\":\"\",\"h_frame\":1,\"h_nosniff\":1,\"h_referrer\":\"strict-origin-when-cross-origin\",\"h_poweredby\":1,\"h_hsts\":0,\"h_hsts_sub\":0,\"h_coop\":0,\"h_permissions\":0,\"f_query\":1,\"f_rfi\":1,\"f_methods\":1,\"f_wpnoise\":1,\"htaccess_external\":0,\"shield_autoheal\":1,\"shield_autoheal_last\":0,\"mig_selfon_2415\":1,\"guard_dismissed\":0,\"x_shield\":1,\"x_sigs_off\":[],\"defs_version\":\"2026-07-15.9ac386\",\"mal_whitelist\":[],\"u_harden\":1,\"u_dirs\":[\"images\",\"media\"],\"emergency_lock\":0,\"notify_email\":\"pch.info@dubbelbit.nl\",\"notify_reminder_days\":14,\"unsub_secret\":\"knIOkiU01E3ceU0YZZ8ARjTQkWuTbqXAfktb1qjg6K0\",\"unsub_base\":\"https:\\/\\/www.efitec.nl\\/\",\"site_fp\":\"6d83c72d155aaa19f87ab9edd8cf222657b5b548\",\"swarm_contrib_id\":\"\",\"swarm_acked\":[],\"watch_manifest\":{\".htaccess\":\"dcb97f95087f2bdb336d0ffdcc300371ca6c4c51\",\"administrator\\/.htaccess\":\"2a00152a7d76a1d4a9444edf477c7404821a8b08\",\"images\\/.htaccess\":\"69714eb0929213f686d66baa144fceefbb395f8f\",\"media\\/.htaccess\":\"69714eb0929213f686d66baa144fceefbb395f8f\"},\"core_manifest\":{\"index.php\":\"2f1b60fc565276ae146bea9aaeadec93fb4dc87c\",\"administrator\\/index.php\":\"7078c5d7b2181900c509c93302f324e2dae228bf\"},\"core_jversion\":\"3.10.12\",\"accounts_watch\":1,\"account_baseline\":{\"613\":{\"id\":613,\"username\":\"admin\",\"email\":\"pch.info@dubbelbit.nl\",\"phash\":\"6300584d05e69c7f07ba2fb51a2f5ade41aeedd4\",\"block\":0,\"lastvisit\":\"2026-07-15 10:54:36\",\"pneeds\":0},\"800\":{\"id\":800,\"username\":\"dubbelbit\",\"email\":\"info@dubbelbit.nl\",\"phash\":\"081a5bae87c5a349a57ac9416a5157be4b8f95d5\",\"block\":0,\"lastvisit\":\"2025-11-06 17:15:16\",\"pneeds\":0}},\"admin_whitelist\":[],\"helix_ignore\":[],\"seo_watch\":1,\"compat_guard\":1,\"seo_cloaking_auto\":0,\"seo_whitelist\":[],\"seo_topic_ack\":[],\"seo_baseline\":{\"title\":\"Home\",\"out_domains\":{\"www.facebook.com\":1,\"nl.pinterest.com\":1,\"www.youtube.com\":1,\"www.s-bb.nl\":1,\"nieuw.efitec.nl\":1,\"xdebug.org\":1},\"shingles\":{\"511079512\":1,\"2918310184\":1,\"155886152\":1,\"3160688592\":1,\"3485062088\":1,\"585239104\":1,\"3828873704\":1,\"4087449296\":1,\"3631890208\":1,\"2453473432\":1,\"352088384\":1,\"1507055824\":1,\"1387258184\":1,\"96078016\":1,\"4120744744\":1,\"884599352\":1,\"148068952\":1,\"2322729328\":1,\"1647395640\":1,\"550572240\":1,\"2804985368\":1,\"2665301464\":1,\"3371643872\":1,\"1999195856\":1,\"412108984\":1,\"1724033968\":1,\"2599037872\":1,\"4081499304\":1,\"187337984\":1,\"362962264\":1,\"2094558736\":1,\"2787016200\":1,\"1792673952\":1,\"3190343216\":1,\"2235320368\":1,\"148784336\":1,\"3545206312\":1,\"368999392\":1,\"1552018832\":1,\"344452216\":1,\"243485568\":1,\"202494824\":1,\"193498808\":1,\"3556960432\":1,\"2554787144\":1,\"1932120000\":1,\"1848356288\":1,\"3951814824\":1,\"3735037840\":1,\"1779788808\":1,\"3363237368\":1,\"2257056296\":1,\"982788704\":1,\"3748426760\":1,\"3214585776\":1,\"1332842344\":1,\"1366336928\":1,\"1247068128\":1,\"2431144696\":1,\"4018770056\":1,\"1365474280\":1,\"1993946344\":1,\"140539032\":1,\"2846664968\":1,\"1767886368\":1,\"3454578544\":1,\"829495128\":1,\"1345968944\":1,\"399315432\":1,\"3332537384\":1,\"4133289600\":1,\"682230128\":1,\"76894816\":1,\"2543161872\":1,\"2799752896\":1,\"3590330528\":1,\"3328482024\":1,\"751934360\":1,\"2118361536\":1,\"167073560\":1,\"2326696456\":1,\"22094088\":1,\"211001480\":1,\"1209613064\":1,\"1950179312\":1,\"39928272\":1,\"2520740096\":1,\"810676984\":1,\"3946537872\":1,\"1061088320\":1,\"924937024\":1,\"2981285080\":1,\"2438508112\":1,\"1820085032\":1,\"1094268640\":1,\"1531644320\":1,\"4102387360\":1,\"4118382176\":1,\"3008275536\":1,\"4239054088\":1,\"254204696\":1,\"2797136096\":1,\"3557110600\":1,\"4041208904\":1,\"1327249520\":1,\"1607673584\":1,\"4007425464\":1,\"2632851624\":1,\"3615937792\":1,\"2693581640\":1,\"1158834928\":1,\"1416323816\":1,\"1337666672\":1,\"2991890336\":1,\"3462925544\":1,\"2964742568\":1,\"1561660688\":1,\"1048480240\":1,\"1489547928\":1,\"1806222752\":1,\"3437080344\":1,\"1925217168\":1,\"2776431456\":1,\"507422944\":1,\"4101744904\":1,\"942566752\":1,\"3196827536\":1,\"1559046784\":1,\"4007417480\":1,\"7730296\":1,\"1458451704\":1,\"2911589176\":1,\"454621680\":1,\"1251844592\":1,\"4176326200\":1,\"4123225216\":1,\"670221008\":1,\"2571777288\":1,\"3627078176\":1,\"293222816\":1,\"281163600\":1,\"2508087208\":1,\"848595304\":1,\"3107900104\":1,\"2589595704\":1,\"2034508136\":1,\"1977429088\":1,\"2584638584\":1,\"2493542936\":1,\"1300147528\":1,\"965466024\":1,\"1223539912\":1,\"2846665840\":1,\"1613823168\":1,\"39764600\":1,\"4261163824\":1,\"1550852192\":1,\"1856123928\":1,\"376102376\":1,\"2256249280\":1,\"1618392856\":1,\"1672646016\":1,\"2709313920\":1,\"444641888\":1,\"4152895848\":1,\"3676099064\":1,\"716719120\":1,\"1236487296\":1,\"1368990104\":1,\"401106408\":1,\"650342624\":1,\"933003528\":1,\"2230427152\":1,\"1208455864\":1,\"2025534160\":1,\"1408784776\":1,\"2685059296\":1,\"3489792648\":1,\"1615724560\":1,\"410848968\":1,\"2550915448\":1,\"1067862528\":1,\"1935561680\":1,\"3854411392\":1,\"3101468488\":1,\"1911606592\":1,\"4217705304\":1,\"3382695416\":1,\"2723416912\":1,\"2552993816\":1,\"2123798152\":1,\"3761658400\":1,\"3834415704\":1,\"914641896\":1,\"4061168168\":1,\"4124423392\":1,\"1153004272\":1,\"796890520\":1,\"1247028480\":1,\"958748368\":1,\"1744512424\":1,\"647816080\":1,\"738374296\":1,\"743882928\":1,\"109843936\":1,\"3303788176\":1,\"3393712720\":1,\"1957314128\":1,\"2772452800\":1,\"1345583752\":1,\"4138023008\":1,\"1630734352\":1,\"1587613576\":1,\"1950652592\":1,\"2777296976\":1,\"2621186584\":1,\"36106456\":1,\"2825573424\":1,\"303059736\":1,\"588054000\":1,\"335870296\":1,\"947878136\":1,\"885775072\":1,\"2836090264\":1,\"1479167544\":1,\"3195444184\":1,\"1373515616\":1,\"2703441304\":1,\"2999798000\":1,\"935250640\":1,\"3689788336\":1,\"3679148440\":1,\"4128820280\":1,\"3538140264\":1,\"3237738368\":1,\"4023978944\":1,\"43229000\":1,\"3226643448\":1,\"3914545768\":1,\"3485632672\":1,\"1455493656\":1,\"3040222736\":1,\"1738075592\":1,\"3987514200\":1,\"428036792\":1,\"2710735120\":1,\"3436957576\":1,\"3230827720\":1,\"1002378832\":1,\"477165832\":1,\"1378722152\":1,\"2798472384\":1,\"272556984\":1,\"351010464\":1,\"2168780672\":1,\"1429953944\":1,\"2826036216\":1,\"420540632\":1,\"4203005848\":1,\"957468880\":1,\"4015778440\":1,\"111439000\":1,\"1216866856\":1,\"172199312\":1,\"3294019280\":1,\"1859028960\":1,\"2694091560\":1,\"2607914576\":1,\"3574060912\":1,\"2834052552\":1,\"3439897368\":1,\"3126548032\":1,\"2144818552\":1,\"3130333816\":1,\"3591606896\":1,\"1894249248\":1,\"4188555200\":1,\"245520800\":1,\"1682089672\":1,\"9149544\":1,\"3226699984\":1,\"1372800744\":1,\"2964205104\":1,\"722285192\":1,\"1456706216\":1,\"2706907200\":1,\"4109595712\":1,\"4066896848\":1,\"1116378504\":1,\"3895415872\":1,\"1253935208\":1,\"528756504\":1,\"2284709784\":1,\"802473640\":1,\"3733678920\":1,\"361847392\":1,\"1232831160\":1,\"144058216\":1,\"1338885880\":1,\"992984272\":1,\"3773773072\":1,\"4182600\":1,\"2502992360\":1,\"4070217592\":1,\"807202496\":1,\"1901327624\":1,\"821879880\":1,\"3181784208\":1,\"1534907152\":1,\"1530568368\":1,\"3978930832\":1,\"4141876912\":1,\"3134899488\":1,\"1235858440\":1,\"810201200\":1,\"3515040152\":1,\"798171424\":1,\"3843014608\":1,\"610676112\":1,\"62671312\":1,\"3925377248\":1,\"4256856904\":1,\"3781864704\":1,\"3031336392\":1,\"2746789680\":1,\"3039953848\":1,\"1385104704\":1,\"4245224744\":1,\"4290332968\":1,\"2274655504\":1,\"1645581528\":1,\"2669455816\":1,\"3722712864\":1,\"1646278032\":1,\"2080430464\":1,\"1286501976\":1,\"1591713568\":1,\"1088809128\":1,\"3634194248\":1,\"211619288\":1,\"1473147392\":1,\"3235297640\":1,\"1552428824\":1,\"1872388720\":1,\"4168355728\":1,\"4008708616\":1,\"1833740312\":1,\"252019184\":1,\"673687856\":1,\"1020035096\":1,\"649097984\":1,\"1255984432\":1,\"1477984416\":1,\"798794864\":1,\"3895830512\":1,\"3877253568\":1,\"3725099576\":1,\"2100351152\":1,\"484796944\":1,\"453935544\":1,\"2474987096\":1,\"73942424\":1,\"13272208\":1,\"1943482168\":1,\"2491291904\":1,\"1547675656\":1,\"1718305248\":1,\"1732106904\":1,\"1643112200\":1,\"1203761432\":1},\"redirect_to\":\"\",\"ts\":1784401793},\"seo_overview_ts\":1784401792,\"seo_overview_finding\":[],\"core_overview_ts\":1784128054,\"core_overview_finding\":[],\"plugin_initialized\":1,\"quickicon_initialized\":1,\"autosecure\":0,\"autosecure_last\":0,\"tmp_autoclean\":0,\"tmp_keep\":[],\"autoupdate_notify\":0,\"autoupdate_ext\":1,\"autoupdate_all\":0,\"autoupdate_self\":1,\"autoupdate_manual\":0,\"autoupdate_mail_success\":0,\"autoupdate_include\":[],\"autoupdate_keep\":1,\"autoupdate_interval\":86400,\"autoupdate_schedule\":\"daily\",\"autoupdate_hour\":21,\"autoupdate_weekday\":5,\"autoupdate_grace\":3,\"autoupdate_malscan\":1,\"autoupdate_skip_major\":0,\"keep_update_sites\":1,\"keep_update_sites_except\":[],\"s_php\":1,\"s_types\":1,\"s_ext\":\"7z,avif,bmp,br,css,csv,doc,docx,eot,geojson,gif,gml,gpx,gz,htm,html,ico,ics,jp2,jpe,jpeg,jpg,js,json,kml,kmz,m4a,m4v,map,mjs,mov,mp3,mp4,mpeg,mpg,odp,ods,odt,oga,ogg,ogv,opus,otf,pdf,png,ppt,pptx,rar,rtf,svg,svgz,tif,tiff,ttf,txt,vtt,wasm,wav,webm,webmanifest,webp,woff,woff2,xls,xlsx,xml,xsl,zip\",\"s_files\":[\"administrator\\/components\\/com_akeeba\\/restore.php\",\"administrator\\/components\\/com_akeebabackup\\/restore.php\"],\"s_dirs_php\":[\"plugins\\/system\\/bfnetwork\"],\"s_dirs_static\":[],\"allow_paths\":[],\"s_dotfiles\":1,\"s_wellknown\":1,\"s_sensitive\":1,\"s_manifests\":0,\"s_sysdirs\":1,\"s_sysdirs_list\":[\"administrator\\/cache\",\"administrator\\/logs\",\"cache\",\"cli\",\"log\",\"logs\",\"tmp\"],\"p_compress\":1,\"p_precomp\":0,\"p_expires\":1,\"p_etag\":0,\"custom_top\":\"\",\"custom_bottom\":\"\",\"file_sha1\":\"dcb97f95087f2bdb336d0ffdcc300371ca6c4c51\",\"last_written\":\"2026-07-15 17:20:03\",\"last_test\":{\"checks\":[{\"label\":\"Home page reachable\",\"url\":\"https:\\/\\/www.efitec.nl\\/\",\"status\":200,\"ok\":true,\"note\":\"\"},{\"label\":\"Backend reachable (401 = password protection active)\",\"url\":\"https:\\/\\/www.efitec.nl\\/administrator\\/index.php\",\"status\":401,\"ok\":true,\"note\":\"\"},{\"label\":\"PHP shield active (test call is rejected with 403)\",\"url\":\"https:\\/\\/www.efitec.nl\\/htpx-canary-fbfbe897.php\\/htp\",\"status\":403,\"ok\":true,\"note\":\"\"},{\"label\":\"configuration.php blocked\",\"url\":\"https:\\/\\/www.efitec.nl\\/configuration.php\",\"status\":403,\"ok\":true,\"note\":\"\"}],\"regression\":false,\"reason\":\"\",\"time\":\"2026-07-15 15:20:03\"},\"guard_dir\":\"\",\"guard_recover\":\"263c210ee005a46813c42d75dd82d7144cb9b918b4356d8c60a8f9225963fe48\",\"welcome_sent\":1,\"welcome_green_since\":0,\"jed_review_ack\":\"\",\"jed_mail_last\":0,\"htaccess_cap\":[]},\"htp_defs\":{\"schema\":1,\"version\":\"2026-07-18.2bbe9c\",\"signatures\":[{\"id\":\"jce-profiles-import\",\"label\":\"JCE Profil-Import (CVE-2026-48907)\",\"label_en\":\"JCE profile import (CVE-2026-48907)\",\"desc\":\"Unauthentifizierter Profil-Import im JCE-Editor - Beginn der aktuellen RCE-Kette (schaltet PHP-Uploads frei). Kein legitimer Frontend-Aufruf.\",\"desc_en\":\"Unauthenticated profile import in the JCE editor - start of the current RCE chain (enables PHP uploads). No legitimate frontend call.\",\"default\":1,\"qs\":\"option=com_jce.*task=profiles\\\\.import\",\"uri\":null,\"frontend_only\":1,\"scope\":\"all\",\"waf_only\":0,\"trigger\":null},{\"id\":\"jce-rpc-upload\",\"label\":\"JCE Webshell-Upload via plugin.rpc (CVE-2026-48907)\",\"label_en\":\"JCE webshell upload via plugin.rpc (CVE-2026-48907)\",\"desc\":\"Datei-Upload \\u00fcber den JCE-Dateibrowser (plugin.rpc, method=upload). Greift nur im Frontend; eingeloggte Autoren (legitimer Editor-Upload) bleiben unber\\u00fchrt.\",\"desc_en\":\"File upload via the JCE file browser (plugin.rpc, method=upload). Applies only on the frontend; logged-in authors (legitimate editor upload) are unaffected.\",\"default\":1,\"qs\":\"option=com_jce.*task=plugin\\\\.rpc.*method=upload\",\"uri\":null,\"frontend_only\":1,\"scope\":\"guest\",\"waf_only\":0,\"trigger\":null},{\"id\":\"jce-imgmanager\",\"label\":\"JCE Image Manager (Alt-Exploit)\",\"label_en\":\"JCE Image Manager (legacy exploit)\",\"desc\":\"Klassischer unauthentifizierter Datei-Upload \\u00fcber den JCE-Bildmanager (sehr alte JCE-Versionen).\",\"desc_en\":\"Classic unauthenticated file upload via the JCE image manager (very old JCE versions).\",\"default\":1,\"qs\":\"option=com_jce.*plugin=imgmanager.*method=form\",\"uri\":null,\"frontend_only\":1,\"scope\":\"guest\",\"waf_only\":0,\"trigger\":null},{\"id\":\"novarain-nrframework\",\"label\":\"Novarain \\/ Tassos Framework (com_ajax include)\",\"label_en\":\"Novarain \\/ Tassos Framework (com_ajax include)\",\"desc\":\"CVE-2026-21627: unauthentifizierte PHP-Datei-Einbindung \\u00fcber plg_system_nrframework via com_ajax (task=include).\",\"desc_en\":\"CVE-2026-21627: unauthenticated PHP file inclusion via plg_system_nrframework through com_ajax (task=include).\",\"default\":1,\"qs\":\"option=com_ajax.*nrframework.*task=include\",\"uri\":null,\"frontend_only\":1,\"scope\":\"all\",\"waf_only\":0,\"trigger\":null},{\"id\":\"astroid-ajax\",\"label\":\"Astroid Framework (AJAX-Endpunkt)\",\"label_en\":\"Astroid Framework (AJAX endpoint)\",\"desc\":\"CVE-2026-21628: ungepr\\u00fcfter Astroid-AJAX-Endpunkt (Upload\\/Installation). Coarse-Match auf com_ajax + astroid.\",\"desc_en\":\"CVE-2026-21628: unchecked Astroid AJAX endpoint (upload\\/installation). Coarse match on com_ajax + astroid.\",\"default\":1,\"qs\":\"option=com_ajax.*(plugin|template|view)=astroid\",\"uri\":null,\"frontend_only\":1,\"scope\":\"all\",\"waf_only\":0,\"trigger\":null},{\"id\":\"helix3-ajax\",\"label\":\"Helix3 (JoomShaper): unauth. com_ajax-Handler (Datei schreiben\\/l\\u00f6schen)\",\"label_en\":\"Helix3 (JoomShaper): unauth com_ajax handler (file write\\/delete)\",\"desc\":\"Helix3 < 3.1.1: der Ajax-Handler onAjaxHelix3 pr\\u00fcfte weder Login noch Rechte. Trifft gezielt die gef\\u00e4hrlichen Unauth-Aktionen im POST-Body: save (Layout-JSON ins aktive Template schreiben), remove (Datei l\\u00f6schen via Path-Traversal), import (Template-Style-Settings \\u00fcberschreiben) sowie upload_image\\/remove_image\\/updateFonts. Legitime Gast-Aktionen (voting, load) und eingeloggte Template-Nutzung \",\"desc_en\":\"Helix3 < 3.1.1: the onAjaxHelix3 ajax handler checked neither login nor permission. Targets the dangerous unauth POST-body actions: save (write layout JSON into the active template), remove (delete a file via path traversal), import (overwrite template style settings) plus upload_image\\/remove_image\\/updateFonts. Legitimate guest actions (voting, load) and logged-in template use are unaffected. Fix:\",\"default\":1,\"qs\":\"data(?:\\\\[|%5b)action(?:\\\\]|%5d)=(?:save|remove|import|updatefonts)|action=(?:upload_image|remove_image)\",\"uri\":null,\"frontend_only\":1,\"scope\":\"guest\",\"waf_only\":1,\"trigger\":\"com_ajax\"},{\"id\":\"helix3-comajax\",\"label\":\"Helix3 (JoomShaper): unauth. com_ajax-Dispatcher (Datei-Write\\/Delete, Style-Injektion)\",\"label_en\":\"Helix3 (JoomShaper): unauth com_ajax dispatcher (file write\\/delete, style injection)\",\"desc\":\"Helix3 < 3.1.1: der Front-Dispatcher (option=com_ajax mit plugin=helix3) rief onAjaxHelix3 VOR jeder Token-\\/Rechtepr\\u00fcfung auf - unauthentifiziert save\\/import\\/remove\\/resetLayout\\/updateFonts\\/fontVariants (Datei-Schreiben, Path-Traversal-L\\u00f6schen, Template-Style-Injektion, Stored XSS). Blockt jeden GAST-Aufruf dieses Dispatchers im Frontend (Defense-in-Depth, f\\u00e4ngt auch laufende Scans) - erg\\u00e4nzt d\",\"desc_en\":\"Helix3 < 3.1.1: the front-end dispatcher (option=com_ajax with plugin=helix3) invoked onAjaxHelix3 BEFORE any token\\/permission check - unauthenticated save\\/import\\/remove\\/resetLayout\\/updateFonts\\/fontVariants (file write, path-traversal delete, template style injection, stored XSS). Blocks every GUEST call of this dispatcher on the front end (defense in depth, also catches ongoing scans) - complemen\",\"default\":1,\"qs\":\"(?=.*option=com_ajax)(?=.*plugin=helix3\\\\b)\",\"uri\":null,\"frontend_only\":1,\"scope\":\"guest\",\"waf_only\":1,\"trigger\":\"com_ajax\"},{\"id\":\"helixultimate-comajax\",\"label\":\"Helix Ultimate (JoomShaper): unauth. com_ajax-Dispatcher (Men\\u00fc-Write\\/Datei\\/Export)\",\"label_en\":\"Helix Ultimate (JoomShaper): unauth com_ajax dispatcher (menu write\\/file\\/export)\",\"desc\":\"Helix Ultimate < 2.2.7: der com_ajax-Handler onAjaxHelixultimate (option=com_ajax mit plugin=helixultimate, Action im task-Param) lief VOR jeder Login-\\/Rechtepr\\u00fcfung - ein anonymer Angreifer konnte in die Men\\u00fc-Einstellungen schreiben (Stored XSS bis in die Admin-Sitzung), Dateien per Path-Traversal beliebig l\\u00f6schen, einen Open Redirect ausl\\u00f6sen und das Template ungesch\\u00fctzt exportieren. Blockt\",\"desc_en\":\"Helix Ultimate < 2.2.7: the com_ajax handler onAjaxHelixultimate (option=com_ajax with plugin=helixultimate, action in the task param) ran BEFORE any login\\/permission check - an anonymous attacker could write into the menu settings (stored XSS reaching the admin session), delete files anywhere via path traversal, trigger an open redirect and export the template unprotected. Blocks every GUEST call\",\"default\":1,\"qs\":\"(?=.*option=com_ajax)(?=.*plugin=helixultimate\\\\b)\",\"uri\":null,\"frontend_only\":1,\"scope\":\"guest\",\"waf_only\":1,\"trigger\":\"com_ajax\"},{\"id\":\"comajax-include\",\"label\":\"com_ajax: Datei-Einbindung (generisch)\",\"label_en\":\"com_ajax: file inclusion (generic)\",\"desc\":\"F\\u00e4ngt unbekannte LFI-L\\u00fccken derselben Klasse ab: com_ajax mit task=include\\/require. Frontend.\",\"desc_en\":\"Catches unknown LFI holes of the same class: com_ajax with task=include\\/require. Frontend.\",\"default\":1,\"qs\":\"option=com_ajax.*task=(include|require)(_once)?\",\"uri\":null,\"frontend_only\":1,\"scope\":\"all\",\"waf_only\":0,\"trigger\":null},{\"id\":\"sppagebuilder-uploadicon\",\"label\":\"SP Page Builder: unauthentifizierter Icon-Upload (RCE)\",\"label_en\":\"SP Page Builder: unauthenticated icon upload (RCE)\",\"desc\":\"Zero-Day in SP Page Builder bis 6.6.1: der asset-Controller (task=asset.uploadCustomIcon) hatte keinerlei Zugriffs-\\/Login-Pr\\u00fcfung - unauthentifizierter Datei-Upload nach \\/media\\/com_sppagebuilder\\/assets\\/iconfont\\/ - RCE. Nur Mini-WAF (G\\u00e4ste), da eingeloggte Builder den Endpunkt legitim nutzen.\",\"desc_en\":\"Zero-day in SP Page Builder up to 6.6.1: the asset controller (task=asset.uploadCustomIcon) had no access\\/login check - unauthenticated file upload to \\/media\\/com_sppagebuilder\\/assets\\/iconfont\\/ - RCE. Mini-WAF only (guests), since logged-in builders use the endpoint legitimately.\",\"default\":1,\"qs\":\"option=com_sppagebuilder.*task=asset\\\\.uploadCustomIcon\",\"uri\":null,\"frontend_only\":1,\"scope\":\"guest\",\"waf_only\":1,\"trigger\":null},{\"id\":\"dpcalendar-createdby-sqli\",\"label\":\"DPCalendar: unauth. SQL-Injection (Autor-Filter)\",\"label_en\":\"DPCalendar: unauth SQL injection (author filter)\",\"desc\":\"DPCalendar Blind-SQLi (Joomla 4.4-6 < 10.11.2, J3 < 8.19.4): der Frontend-Autor-Filter filter_created_by (option=com_dpcalendar, view=events) floss in skalarer Form ungecastet in a.created_by IN (...) - anonymes Auslesen beliebiger DB-Tabellen (nur lesend). Blockt Gast-Anfragen, deren filter_created_by kein reiner Integer ist (legitim = Autor-IDs\\/Ziffern) -> FP-frei. Fix 10.11.2 \\/ 8.19.4.\",\"desc_en\":\"DPCalendar blind SQLi (Joomla 4.4-6 < 10.11.2, J3 < 8.19.4): the front-end author filter filter_created_by (option=com_dpcalendar, view=events) flowed uncast into a.created_by IN (...) in its scalar form - anonymous read of arbitrary DB tables (read-only). Blocks guest requests whose filter_created_by is not a pure integer (legit = author IDs\\/digits) -> FP-free. Fix 10.11.2 \\/ 8.19.4.\",\"default\":1,\"qs\":\"(?=.*option=com_dpcalendar)(?=.*filter_created_by=[0-9,]*[^0-9,&])\",\"uri\":null,\"frontend_only\":1,\"scope\":\"guest\",\"waf_only\":1,\"trigger\":\"com_dpcalendar\"},{\"id\":\"acym-entityselect-sqli\",\"label\":\"AcyMailing: unauth. SQL-Injection (Entity-Select Spaltenliste)\",\"label_en\":\"AcyMailing: unauth SQL injection (entity-select column list)\",\"desc\":\"CVE-2026-56292 (AcyMailing 6.0.0-10.11.0): der Frontend-Endpunkt EntitySelectController::loadEntityFront (option=com_acym, task=loadEntityFront) nahm die Request-Parameter columns\\/join_table ungeprueft in die SELECT-Spaltenliste von UserClass::getMatchingElements auf - ein anonymer Besucher konnte per Subquery beliebige DB-Tabellen (inkl. Passwort-Hashes) auslesen. Blockt GAST-Aufrufe dieses Tasks\",\"desc_en\":\"CVE-2026-56292 (AcyMailing 6.0.0-10.11.0): the front-end endpoint EntitySelectController::loadEntityFront (option=com_acym, task=loadEntityFront) placed the request parameters columns\\/join_table unchecked into the SELECT column list of UserClass::getMatchingElements - an anonymous visitor could read arbitrary DB tables (incl. password hashes) via a subquery. Blocks GUEST calls of this task whose c\",\"default\":1,\"qs\":\"(?=.*option=com_acym)(?=.*task=loadEntityFront)(?=.*(?:columns|join_table|join)=[^&]*(?:\\\\(|%28|%2528|\\\\s|%20|\\\\+))\",\"uri\":null,\"frontend_only\":1,\"scope\":\"guest\",\"waf_only\":1,\"trigger\":\"com_acym\"},{\"id\":\"quix-article-sqli\",\"label\":\"Quix Page Builder: unauth. SQL-Injection (Einzel-Artikel-AJAX)\",\"label_en\":\"Quix Page Builder: unauth SQL injection (single-article AJAX)\",\"desc\":\"Quix (ThemeXpert, Free UND Pro) bis 6.2.0, inkl. der 5.x-Reihe: der oeffentliche AJAX-Endpunkt (option=com_quix, task=ajax, element=joomla-article) ruft QuixJoomlaArticleElement::getAjax() ohne Login-\\/Token-\\/Lizenz-Pruefung; die Artikel-ID kommt base64-kodiert im data-Parameter und wird in articleExist() UNGECASTET in die DB-Query konkateniert -> unauthentifizierte, fehler-basierte SQL-Injection (\",\"desc_en\":\"Quix (ThemeXpert, Free AND Pro) up to 6.2.0, incl. the 5.x line: the public AJAX endpoint (option=com_quix, task=ajax, element=joomla-article) calls QuixJoomlaArticleElement::getAjax() with no login\\/token\\/license check; the article id arrives base64-encoded in the data parameter and is concatenated UNCAST into the DB query in articleExist() -> unauthenticated error-based SQL injection (CVSS 8.7). \",\"default\":1,\"qs\":\"(?=.*option=com_quix)(?=.*task=ajax\\\\b)(?=.*element=joomla-article\\\\b)\",\"uri\":null,\"frontend_only\":1,\"scope\":\"guest\",\"waf_only\":1,\"trigger\":\"com_quix\"},{\"id\":\"joomcck-tags-sqli\",\"label\":\"JoomCCK: unauth. SQL-Injection (Tag-Verwaltung)\",\"label_en\":\"JoomCCK: unauth SQL injection (tag management)\",\"desc\":\"CVE-2026-49048 (JoomCCK 6.x vor 6.4.1): der Front-End-Task tags.save\\/tags.delete (option=com_joomcck) lief OHNE Token-\\/Login-\\/Rechte-Pruefung und schob den Request-Parameter tag (getString) roh - mit Double-Quote-Ausbruch - in ZWEI aufeinanderfolgende SQL-Statements (Existenz-SELECT + UPDATE). Ein anonymer Besucher konnte die Datenbank auslesen und veraendern (stacked\\/error-based SQLi). Blockt jed\",\"desc_en\":\"CVE-2026-49048 (JoomCCK 6.x before 6.4.1): the front-end task tags.save\\/tags.delete (option=com_joomcck) ran with NO token\\/login\\/permission check and concatenated the request parameter tag (getString) raw - with a double-quote breakout - into TWO consecutive SQL statements (existence SELECT + UPDATE). An anonymous visitor could read and modify the database (stacked\\/error-based SQLi). Blocks every \",\"default\":1,\"qs\":\"(?=.*option=com_joomcck)(?=.*task=tags\\\\.(?:save|delete))\",\"uri\":null,\"frontend_only\":1,\"scope\":\"guest\",\"waf_only\":1,\"trigger\":\"com_joomcck\"},{\"id\":\"traversal-encoded\",\"label\":\"Pfad-Klettern (kodierte Varianten)\",\"label_en\":\"Path traversal (encoded variants)\",\"desc\":\"Erg\\u00e4nzt den Standard-Filter um Umgehungstricks: ....\\/\\/ , doppelte Kodierung (%252e), %c0%ae, %2e%2e%5c.\",\"desc_en\":\"Extends the standard filter with bypass tricks: ....\\/\\/ , double encoding (%252e), %c0%ae, %2e%2e%5c.\",\"default\":1,\"qs\":\"(\\\\.{3,}\\/|%252e|%c0%a[ef]|%2e%2e%5c|\\\\.\\\\.%5c)\",\"uri\":null,\"frontend_only\":0,\"scope\":\"all\",\"waf_only\":0,\"trigger\":null},{\"id\":\"php-wrapper-uri\",\"label\":\"PHP-Stream-Wrapper im Pfad\",\"label_en\":\"PHP stream wrapper in the path\",\"desc\":\"Blockiert php:\\/\\/ , phar:\\/\\/ , data:\\/\\/ , expect:\\/\\/ u. a. direkt im angefragten Pfad.\",\"desc_en\":\"Blocks php:\\/\\/ , phar:\\/\\/ , data:\\/\\/ , expect:\\/\\/ etc. directly in the requested path.\",\"default\":1,\"qs\":null,\"uri\":\"(?:php|phar|data|expect|glob|zlib|zip):\\/\",\"frontend_only\":0,\"scope\":\"all\",\"waf_only\":0,\"trigger\":null},{\"id\":\"api-config-leak\",\"label\":\"Joomla-API Konfigurations-Leak\",\"label_en\":\"Joomla API configuration leak\",\"desc\":\"CVE-2023-23752: sch\\u00fctzt den Endpunkt \\/api\\/...\\/v1\\/config\\/application auch ohne komplette API-Sperre.\",\"desc_en\":\"CVE-2023-23752: protects the \\/api\\/...\\/v1\\/config\\/application endpoint even without a complete API block.\",\"default\":1,\"qs\":null,\"uri\":\"^api\\/index\\\\.php\\/v[0-9]+\\/config\",\"frontend_only\":0,\"scope\":\"all\",\"waf_only\":0,\"trigger\":null},{\"id\":\"php-object-injection\",\"label\":\"PHP Object Injection (serialisierte Payload)\",\"label_en\":\"PHP object injection (serialised payload)\",\"desc\":\"Serialisiertes PHP-Objekt in einem Parameter (O:\\/C:<L\\u00e4nge>:) - typischer Einstieg f\\u00fcr Object-Injection\\/POP-Ketten. Kommt in normalen Anfragen nicht vor.\",\"desc_en\":\"Serialised PHP object in a parameter (O:\\/C:<length>:) - typical entry point for object injection\\/POP chains. Does not occur in normal requests.\",\"default\":1,\"qs\":\"(?<![a-z0-9])[oc]:[0-9]{1,4}:\",\"uri\":null,\"frontend_only\":0,\"scope\":\"all\",\"waf_only\":0,\"trigger\":null},{\"id\":\"stream-wrapper-param\",\"label\":\"PHP-Stream-Wrapper in Parameter\",\"label_en\":\"PHP stream wrapper in a parameter\",\"desc\":\"php:\\/\\/ , phar:\\/\\/ , data:\\/\\/ u. a. als Parameterwert - LFI\\/RCE-Vektor. Erg\\u00e4nzt die Pfad-Variante (php-wrapper-uri).\",\"desc_en\":\"php:\\/\\/ , phar:\\/\\/ , data:\\/\\/ etc. as a parameter value - LFI\\/RCE vector. Complements the path variant (php-wrapper-uri).\",\"default\":1,\"qs\":\"(php|phar|data|expect|glob|zlib|zip):\\/{2}\",\"uri\":null,\"frontend_only\":0,\"scope\":\"all\",\"waf_only\":0,\"trigger\":null},{\"id\":\"param-traversal\",\"label\":\"Pfad-Klettern im Parameter\",\"label_en\":\"Path traversal in a parameter\",\"desc\":\"Mehrfaches ..\\/ als Parameterwert - generisches Directory-Traversal\\/LFI in beliebigen Komponenten.\",\"desc_en\":\"Repeated ..\\/ as a parameter value - generic directory traversal\\/LFI in any component.\",\"default\":1,\"qs\":\"=(\\\\.\\\\.\\/){2,}\",\"uri\":null,\"frontend_only\":0,\"scope\":\"all\",\"waf_only\":0,\"trigger\":null}],\"vuln_extensions\":[{\"element\":\"nrframework\",\"type\":\"plugin\",\"folder\":\"system\",\"name\":\"Novarain \\/ Tassos Framework\",\"below\":\"6.0.38\",\"above\":\"\",\"severity\":\"critical\",\"note\":\"CVE-2026-21627: unauthentifizierte PHP-Einbindung via com_ajax. Auf 6.0.38 oder neuer aktualisieren.\",\"note_en\":\"CVE-2026-21627: unauthenticated PHP inclusion via com_ajax. Update to 6.0.38 or newer.\",\"advisory\":\"https:\\/\\/website-bereinigung.de\\/blog\\/joomla-tassos-framework-novarain-framework-sicherheitsluecke\",\"advisory_en\":\"https:\\/\\/website-bereinigung.de\\/en\\/blog\\/joomla-tassos-framework-novarain-framework-sicherheitsluecke\"},{\"element\":\"astroid\",\"type\":\"library\",\"folder\":\"\",\"name\":\"Astroid Framework\",\"below\":\"3.3.11\",\"above\":\"\",\"severity\":\"critical\",\"note\":\"CVE-2026-21628: unauthentifizierter Datei-Upload via AJAX-Endpunkt (Dropper in \\/images\\/). Auf 3.3.13 oder neuer aktualisieren.\",\"note_en\":\"CVE-2026-21628: unauthenticated file upload via AJAX endpoint (dropper in \\/images\\/). Update to 3.3.13 or newer.\",\"advisory\":\"https:\\/\\/website-bereinigung.de\\/blog\\/joomla-astroid-framework-sicherheitsluecke-vulnerability\",\"advisory_en\":\"https:\\/\\/website-bereinigung.de\\/en\\/blog\\/joomla-astroid-framework-sicherheitsluecke-vulnerability\"},{\"element\":\"helix3\",\"type\":\"plugin\",\"folder\":\"system\",\"name\":\"Helix3 (JoomShaper)\",\"below\":\"3.1.1\",\"above\":\"\",\"severity\":\"critical\",\"note\":\"Unauthentifizierter com_ajax-Handler (onAjaxHelix3) ohne Login-\\/Rechtepr\\u00fcfung: Angreifer k\\u00f6nnen Dateien ins aktive Template schreiben oder per Path-Traversal l\\u00f6schen (save\\/remove\\/import). Auf Helix3 3.1.1 oder neuer aktualisieren.\",\"note_en\":\"Unauthenticated com_ajax handler (onAjaxHelix3) with no login or permission check: attackers can write files into the active template or delete files via path traversal (save\\/remove\\/import). Update to Helix3 3.1.1 or newer.\",\"advisory\":\"https:\\/\\/htprotect.org\\/helix3\",\"advisory_en\":\"https:\\/\\/htprotect.org\\/en\\/helix3\"},{\"element\":\"helixultimate\",\"type\":\"plugin\",\"folder\":\"system\",\"name\":\"Helix Ultimate (JoomShaper)\",\"below\":\"2.2.7\",\"above\":\"\",\"severity\":\"critical\",\"note\":\"Kritische unauth. L\\u00fccke in ALLEN Versionen < 2.2.7: der com_ajax-Handler onAjaxHelixultimate lief VOR jeder Rechtepr\\u00fcfung - anonym in die Men\\u00fcs schreiben (Stored XSS in den Admin), Path-Traversal-L\\u00f6schen, Open Redirect, Template-Export. Auf 2.2.7 updaten (Plugin UND Template). HTProtects Mini-WAF blockt den Aufruf bereits. NICHT mit Helix3 verwechseln.\",\"note_en\":\"Critical unauth flaw in ALL versions below 2.2.7: the com_ajax handler onAjaxHelixultimate ran before any permission check - anonymous menu writes (stored XSS reaching the admin), path-traversal delete, open redirect, template export. Update to 2.2.7 (plugin AND template). HTProtect mini-WAF already blocks the call. Not to be confused with Helix3.\",\"advisory\":\"https:\\/\\/htprotect.org\\/helix-ultimate\",\"advisory_en\":\"https:\\/\\/htprotect.org\\/en\\/helix-ultimate\"},{\"element\":\"com_baforms\",\"type\":\"component\",\"folder\":\"\",\"name\":\"Balbooa Forms\",\"below\":\"2.4.1\",\"above\":\"\",\"severity\":\"critical\",\"note\":\"Aktiver Zero-Day (RCE), ALLE Versionen bis 2.4.0: der Upload-Endpoint form.uploadAttachmentFile pr\\u00fcft weder Login\\/Token noch Dateityp - ein anonymer Angreifer kann eine PHP-Datei hochladen und ausf\\u00fchren. NOCH KEIN Patch. Sofortma\\u00dfnahme: Upload-Formulare depublizieren. HTProtects Gast-Upload-Schutz blockt den ausf\\u00fchrbaren Upload bereits.\",\"note_en\":\"Active zero-day (RCE), ALL versions up to 2.4.0: the upload endpoint form.uploadAttachmentFile checks neither login\\/token nor file type - an anonymous attacker can upload and run a PHP file. NO patch yet. Interim: unpublish forms with upload fields. The HTProtect guest-upload filter already blocks the executable upload.\",\"advisory\":\"https:\\/\\/htprotect.org\\/balbooa-forms\",\"advisory_en\":\"https:\\/\\/htprotect.org\\/en\\/balbooa-forms\"},{\"element\":\"com_jce\",\"type\":\"component\",\"folder\":\"\",\"name\":\"JCE Editor\",\"below\":\"2.9.99.5\",\"above\":\"\",\"severity\":\"critical\",\"note\":\"CVE-2026-48907: unauthentifizierter Webshell-Upload (profiles.import + plugin.rpc). Dringend auf JCE 2.9.99.6 oder neuer aktualisieren.\",\"note_en\":\"CVE-2026-48907: unauthenticated webshell upload (profiles.import + plugin.rpc). Urgently update to JCE 2.9.99.6 or newer.\",\"advisory\":\"https:\\/\\/website-bereinigung.de\\/blog\\/jce-sicherheitsluecke-joomla\",\"advisory_en\":\"https:\\/\\/website-bereinigung.de\\/en\\/blog\\/jce-sicherheitsluecke-joomla\"},{\"element\":\"com_rsfiles\",\"type\":\"component\",\"folder\":\"\",\"name\":\"RSFiles!\",\"below\":\"1.17.12\",\"above\":\"\",\"severity\":\"critical\",\"note\":\"Aktiver unauthentifizierter Datei-Upload -> RCE, ALLE Versionen bis 1.17.11: der Frontend-Upload (task=rsfiles.upload) pr\\u00fcft weder Login\\/Token noch Dateiendung - ein anonymer Angreifer l\\u00e4dt eine .php nach \\/downloads bzw. \\/briefcase und f\\u00fchrt sie aus. Dringend auf 1.17.12 aktualisieren. HTProtects Gast-Upload-Schutz blockt den ausf\\u00fchrbaren Upload bereits.\",\"note_en\":\"Active unauthenticated file upload -> RCE, ALL versions up to 1.17.11: the front-end upload (task=rsfiles.upload) checks neither login\\/token nor file extension - an anonymous attacker uploads a .php into \\/downloads or \\/briefcase and executes it. Update to 1.17.12 urgently. The HTProtect guest-upload filter already blocks the executable upload.\",\"advisory\":\"https:\\/\\/www.rsjoomla.com\\/blog\\/view\\/644-unauthenticated-file-upload-fixed-in-rsfiles-version-11712-update-now.html\",\"advisory_en\":\"https:\\/\\/www.rsjoomla.com\\/blog\\/view\\/644-unauthenticated-file-upload-fixed-in-rsfiles-version-11712-update-now.html\"},{\"element\":\"com_edocman\",\"type\":\"component\",\"folder\":\"\",\"name\":\"EDocman\",\"below\":\"3.9\",\"above\":\"\",\"severity\":\"high\",\"note\":\"Unauthentifizierte SQL-Injection (alle Versionen bis 3.8): ein anonymer Besucher schleust ueber einen Filter-Parameter eines oeffentlichen Frontend-Endpunkts SQL in eine ungequotete DB-Abfrage ein und kann die Datenbank auslesen (bis hin zu Zugangsdaten). Der genaue Vektor ist bewusst nicht veroeffentlicht. Dringend auf EDocman 3.9.0 aktualisieren.\",\"note_en\":\"Unauthenticated SQL injection (all versions up to 3.8): an anonymous visitor injects SQL through a filter parameter of a public front-end endpoint into an unquoted DB query and can read the database (up to credentials). The exact vector is deliberately undisclosed. Update to EDocman 3.9.0 urgently.\",\"advisory\":\"https:\\/\\/joomdonation.com\\/forum\\/edocman\\/82813-edocman-3-9-0-security-release---important-update-recommended.html\",\"advisory_en\":\"https:\\/\\/joomdonation.com\\/forum\\/edocman\\/82813-edocman-3-9-0-security-release---important-update-recommended.html\"},{\"element\":\"com_foranalytics\",\"type\":\"component\",\"folder\":\"\",\"name\":\"4Analytics\",\"below\":\"5.0.2\",\"above\":\"\",\"severity\":\"critical\",\"note\":\"Zwei unauthentifizierte Sicherheitsluecken (CVE-2026-57833 + CVE-2026-58077) in ALLEN Versionen vor 5.0.2 - ein anonymer Angreifer braucht keinen Login. Hersteller Weeblr stuft beide als kritisch ein; technische Details sind 7 Tage embargoed. Dringend auf 4Analytics 5.0.2 aktualisieren (laeuft auf Joomla 3-6).\",\"note_en\":\"Two unauthenticated security flaws (CVE-2026-57833 + CVE-2026-58077) in ALL versions before 5.0.2 - an anonymous attacker needs no login. Vendor Weeblr rates both critical; technical details are under a 7-day embargo. Update to 4Analytics 5.0.2 urgently (runs on Joomla 3-6).\",\"advisory\":\"https:\\/\\/weeblr.com\\/blog\\/critical-vulnerabilities-2026-07-15\",\"advisory_en\":\"https:\\/\\/weeblr.com\\/blog\\/critical-vulnerabilities-2026-07-15\"},{\"element\":\"com_quix\",\"type\":\"component\",\"folder\":\"\",\"name\":\"Quix\",\"below\":\"6.2.1\",\"above\":\"\",\"severity\":\"high\",\"note\":\"Unauthentifizierte SQL-Injection (Free UND Pro, alle Versionen vor 6.2.1 \\u2013 auch die 5.x-Reihe): ein anonymer Besucher kann die gesamte Datenbank auslesen (CVSS 8.7). HTProtects Mini-WAF blockt den Angriff bereits aktiv. Auf Quix 6.2.1 aktualisieren (Free erh\\u00e4lt 6.2.1 ebenfalls \\u00fcber die Update-Funktion).\",\"note_en\":\"Unauthenticated SQL injection (Free AND Pro, all versions below 6.2.1 \\u2013 including the 5.x line): an anonymous visitor can read the entire database (CVSS 8.7). HTProtect\'s mini-WAF already actively blocks the attack. Update to Quix 6.2.1 (Free receives 6.2.1 too via the update function).\",\"advisory\":\"https:\\/\\/mysites.guru\\/blog\\/quix-sql-injection-disclosure\\/\",\"advisory_en\":\"https:\\/\\/mysites.guru\\/blog\\/quix-sql-injection-disclosure\\/\"},{\"element\":\"com_joomcck\",\"type\":\"component\",\"folder\":\"\",\"name\":\"JoomCCK\",\"below\":\"6.4.1\",\"above\":\"6.0.0\",\"severity\":\"critical\",\"note\":\"Unauthentifizierte SQL-Injection (CVE-2026-49048, JoomCCK 6.x vor 6.4.1): der Front-End-Task \\u201eTag speichern\\/l\\u00f6schen\\\" pr\\u00fcfte weder Login noch Token und \\u00fcbernahm den Parameter \\u201etag\\\" ungefiltert in zwei SQL-Abfragen - ein anonymer Besucher konnte die Datenbank auslesen und ver\\u00e4ndern. HTProtects Mini-WAF blockt den unautorisierten Gast-Aufruf bereits aktiv. Dringend auf JoomCCK 6.4.1 aktualisi\",\"note_en\":\"Unauthenticated SQL injection (CVE-2026-49048, JoomCCK 6.x before 6.4.1): the front-end \\\"save\\/delete tag\\\" task checked neither login nor token and took the \\\"tag\\\" parameter unfiltered into two SQL queries - an anonymous visitor could read and modify the database. HTProtect\'s mini-WAF already actively blocks the unauthorized guest call. Update to JoomCCK 6.4.1 urgently.\",\"advisory\":\"https:\\/\\/github.com\\/JoomCoder-com\\/JoomCCK\\/releases#release-6.4.1\",\"advisory_en\":\"https:\\/\\/github.com\\/JoomCoder-com\\/JoomCCK\\/releases#release-6.4.1\"},{\"element\":\"com_chronoforms8\",\"type\":\"component\",\"folder\":\"\",\"name\":\"ChronoForms\",\"below\":\"8.0.53\",\"above\":\"8.0.0\",\"severity\":\"high\",\"note\":\"Unauthentifizierte gespeicherte XSS (CVE-2026-58148, ChronoForms 8.x vor 8.0.53): ein anonymer Besucher schleust \\u00fcber ein Formular-Feld JavaScript ein, das ungefiltert gespeichert und sp\\u00e4ter - z. B. beim Ansehen der Einsendungen im Backend - ausgef\\u00fchrt wird, bis hin zur \\u00dcbernahme der Admin-Sitzung (CVSS 8.7). Auf ChronoForms 8.0.53 aktualisieren.\",\"note_en\":\"Unauthenticated stored XSS (CVE-2026-58148, ChronoForms 8.x before 8.0.53): an anonymous visitor injects JavaScript via a form field that is stored unfiltered and later executed - e.g. when viewing the submissions in the backend - up to takeover of the admin session (CVSS 8.7). Update to ChronoForms 8.0.53.\",\"advisory\":\"https:\\/\\/www.cve.org\\/CVERecord?id=CVE-2026-58148\",\"advisory_en\":\"https:\\/\\/www.cve.org\\/CVERecord?id=CVE-2026-58148\"},{\"element\":\"com_jdownloads\",\"type\":\"component\",\"folder\":\"\",\"name\":\"jDownloads\",\"below\":\"4.1.6\",\"above\":\"4.1.0\",\"severity\":\"high\",\"note\":\"Unauthentifizierte Datei-Upload-L\\u00fccke (jDownloads 4.1.0-4.1.5): eine verwaiste Uploader-Datei (upload-handler.php) pr\\u00fcft weder Login noch Token und l\\u00e4sst einen anonymen Besucher beliebige Dateien - u. a. exe\\/msi\\/Archive - in einen Ordner der Site schreiben; auf manchen Servern bis zur Codeausf\\u00fchrung, sonst Malware-Hosting\\/Speicher-Flutung. HTProtects .htaccess-Schutzschild blockt den direkten \",\"note_en\":\"Unauthenticated file upload flaw (jDownloads 4.1.0-4.1.5): a leftover uploader file (upload-handler.php) checks neither login nor token and lets an anonymous visitor write arbitrary files - incl. exe\\/msi\\/archives - into a folder on the site; up to remote code execution on some servers, otherwise malware hosting \\/ disk flooding. HTProtect\'s .htaccess shield already blocks direct access to the file \",\"advisory\":\"https:\\/\\/www.jdownloads.com\\/index.php\\/news\\/jdownloads-4-1-6-secure-update-released.html\",\"advisory_en\":\"https:\\/\\/www.jdownloads.com\\/index.php\\/news\\/jdownloads-4-1-6-secure-update-released.html\"},{\"element\":\"com_dpcalendar\",\"type\":\"component\",\"folder\":\"\",\"name\":\"DPCalendar\",\"below\":\"10.11.2\",\"above\":\"9.0.0\",\"severity\":\"high\",\"note\":\"DPCalendar (Joomla 4.4-6, 9.0.0-10.11.1): unauthentifizierte Blind-SQL-Injection - der Autor-Filter filter_created_by (Frontend view=events) floss in skalarer Form ohne Integer-Cast in die Query (a.created_by IN ...); ein anonymer Besucher kann beliebige DB-Tabellen AUSLESEN (nichts \\u00e4ndern). Dringend auf 10.11.2 aktualisieren. HTProtects Mini-WAF blockt die Injektion bereits.\",\"note_en\":\"DPCalendar (Joomla 4.4-6, 9.0.0-10.11.1): unauthenticated blind SQL injection - the author filter filter_created_by (front-end view=events) flowed uncast (scalar form) into the query (a.created_by IN ...); an anonymous visitor can READ arbitrary DB tables (no writes). Update to 10.11.2 urgently. HTProtect mini-WAF already blocks the injection.\",\"advisory\":\"https:\\/\\/joomla.digital-peak.com\\/blog\\/2026-security-issue-in-dpcalendar\",\"advisory_en\":\"https:\\/\\/joomla.digital-peak.com\\/blog\\/2026-security-issue-in-dpcalendar\"},{\"element\":\"com_dpcalendar\",\"type\":\"component\",\"folder\":\"\",\"name\":\"DPCalendar\",\"below\":\"8.19.4\",\"above\":\"8.18.0\",\"severity\":\"high\",\"note\":\"DPCalendar Joomla-3-Linie (8.x), 8.18.0-8.19.3: dieselbe unauth Blind-SQL-Injection \\u00fcber den Autor-Filter filter_created_by (skalar, ohne Integer-Cast, nur lesend). In 8.19.4 (Joomla-3-Fix) behoben. Auf 8.19.4 aktualisieren. HTProtects Mini-WAF blockt die Injektion bereits.\",\"note_en\":\"DPCalendar Joomla 3 line (8.x), 8.18.0-8.19.3: same unauth blind SQL injection via the author filter filter_created_by (scalar, no integer cast, read-only). Fixed in 8.19.4 (Joomla 3 fix). Update to 8.19.4. HTProtect mini-WAF already blocks the injection.\",\"advisory\":\"https:\\/\\/joomla.digital-peak.com\\/blog\\/2026-security-issue-in-dpcalendar\",\"advisory_en\":\"https:\\/\\/joomla.digital-peak.com\\/blog\\/2026-security-issue-in-dpcalendar\"},{\"element\":\"com_phocadownload\",\"type\":\"component\",\"folder\":\"\",\"name\":\"Phoca Download\",\"below\":\"6.1.3\",\"above\":\"6.0.0\",\"severity\":\"high\",\"note\":\"Authentifizierter Datei-Upload -> RCE (Versionen 6.0 bis 6.1.2): ein eingeloggter Nutzer mit Zugriff auf die Upload-Funktion kann eine ausf\\u00fchrbare Datei (z. B. .php) hochladen und ausf\\u00fchren. In 6.1.3 (Security-Release) behoben - auf 6.1.3 oder neuer aktualisieren. HTProtects PHP-Schild verhindert die Ausf\\u00fchrung einer hochgeladenen PHP-Datei in den Upload-Ordnern bereits.\",\"note_en\":\"Authenticated file upload -> RCE (versions 6.0 to 6.1.2): a logged-in user with access to the upload feature can upload and run an executable file (e.g. .php). Fixed in 6.1.3 (security release) - update to 6.1.3 or newer. The HTProtect PHP shield already prevents execution of an uploaded PHP file in the upload folders.\",\"advisory\":\"https:\\/\\/www.phoca.cz\\/news\\/1481-phoca-download-version-6-1-3-released-security-release\",\"advisory_en\":\"https:\\/\\/www.phoca.cz\\/news\\/1481-phoca-download-version-6-1-3-released-security-release\"},{\"element\":\"com_acym\",\"type\":\"component\",\"folder\":\"\",\"name\":\"AcyMailing 6+\",\"below\":\"10.11.1\",\"above\":\"\",\"severity\":\"critical\",\"note\":\"AcyMailing Neuauflage (6+): CVE-2026-56292 unauthentifizierte SQL-Injection (6.0.0-10.11.0) - ein anonymer Angreifer liest beliebige DB-Tabellen inkl. Passwort-Hashes (CVSS 8.7). \\u00c4ltere L\\u00fccken: CVE-2023-28731 unauth Upload\\/RCE unter 8.3.0, CVE-2026-3614 Rechteausweitung 9.11.0-10.8.1. Dringend auf 10.11.1 aktualisieren.\",\"note_en\":\"AcyMailing new line (6+): CVE-2026-56292 unauthenticated SQL injection (6.0.0-10.11.0) - an anonymous attacker reads arbitrary DB tables incl. password hashes (CVSS 8.7). Older holes: CVE-2023-28731 unauth upload\\/RCE below 8.3.0, CVE-2026-3614 privilege escalation 9.11.0-10.8.1. Update to 10.11.1 urgently.\",\"advisory\":\"https:\\/\\/htprotect.org\\/acymailing\",\"advisory_en\":\"https:\\/\\/htprotect.org\\/en\\/acymailing\"},{\"element\":\"com_acymailing\",\"type\":\"component\",\"folder\":\"\",\"name\":\"AcyMailing Classic\",\"below\":\"4.9.5\",\"above\":\"\",\"severity\":\"critical\",\"note\":\"AcyMailing Classic (End-of-Life): \\u00e4ltere Versionen mit kritischen L\\u00fccken - unauthentifizierter Datei-Upload der 3.x-\\u00c4ra (RCE, z. B. 3.9.0) sowie Backend-SQL-Injection CVE-2015-7338 (in 4.9.5 behoben). Auf eine unterst\\u00fctzte AcyMailing-Version migrieren. (Die 5.x-Linie hat keine bekannte sehr kritische L\\u00fccke; CSV-Injection CVE-2018-9107 in 5.9.1-5.9.5 ist niedrig\\/client-seitig.)\",\"note_en\":\"AcyMailing Classic (end-of-life): older versions with critical holes - unauthenticated file upload of the 3.x era (RCE, e.g. 3.9.0) and backend SQL injection CVE-2015-7338 (fixed in 4.9.5). Migrate to a supported AcyMailing version. (The 5.x line has no known very critical hole; CSV injection CVE-2018-9107 in 5.9.1-5.9.5 is low\\/client-side.)\",\"advisory\":\"https:\\/\\/htprotect.org\\/acymailing\",\"advisory_en\":\"https:\\/\\/htprotect.org\\/en\\/acymailing\"},{\"element\":\"com_igallery\",\"type\":\"component\",\"folder\":\"\",\"name\":\"Ignite Gallery\",\"below\":\"5.4.1\",\"above\":\"5.0.0\",\"severity\":\"high\",\"note\":\"Ignite Gallery 5.0.0 bis 5.4.0: Stored XSS (hoch) durch fehlendes Output-Escaping beim Hochladen\\/Bearbeiten von Bildern, dazu SSRF (ungefilterte Video-URL) und eine Rechteausweitung beim Download geschuetzter\\/unveroeffentlichter Bilder. Ausnutzbar von Nutzern MIT Upload-\\/Bearbeitungsrecht (Frontend oder Backend). Auf 5.4.1 oder neuer aktualisieren.\",\"note_en\":\"Ignite Gallery 5.0.0 to 5.4.0: stored XSS (high) via missing output escaping when uploading\\/editing images, plus SSRF (unfiltered video URL) and a privilege escalation when downloading restricted\\/unpublished images. Exploitable by users WITH upload\\/edit permission (frontend or backend). Update to 5.4.1 or newer.\",\"advisory\":\"https:\\/\\/www.ignitegallery.com\\/documentation\\/changelog\",\"advisory_en\":\"https:\\/\\/www.ignitegallery.com\\/documentation\\/changelog\"},{\"element\":\"com_icagenda\",\"type\":\"component\",\"folder\":\"\",\"name\":\"iCagenda\",\"below\":\"4.0.8\",\"above\":\"4.0.0\",\"severity\":\"critical\",\"note\":\"CVE-2026-48939 (4.x-Linie 4.0.0-4.0.7): das Event-Formular (task=submit.submit) pr\\u00fcft nur das CSRF-Token, keine Zugriffsrechte - anonymer Datei-Upload. Voller RCE nur auf Joomla 6 (Core blockt .php nicht mehr); auf Joomla <=5 mildert der Core-Filter, die Zugriffsl\\u00fccke bleibt. Dringend auf 4.0.8 aktualisieren. HTProtects Dateischild verhindert die Ausf\\u00fchrung bereits.\",\"note_en\":\"CVE-2026-48939 (4.x line 4.0.0-4.0.7): the event form (task=submit.submit) checks only the CSRF token, no access rights - anonymous file upload. Full RCE only on Joomla 6 (core no longer blocks .php); on Joomla <=5 the core filter mitigates but the access flaw remains. Update to 4.0.8 urgently. The HTProtect file shield already prevents execution.\",\"advisory\":\"https:\\/\\/website-bereinigung.de\\/blog\\/icagenda-sicherheitsluecke-joomla\",\"advisory_en\":\"https:\\/\\/website-bereinigung.de\\/en\\/blog\\/icagenda-sicherheitsluecke-joomla\"},{\"element\":\"com_icagenda\",\"type\":\"component\",\"folder\":\"\",\"name\":\"iCagenda\",\"below\":\"3.9.15\",\"above\":\"3.2.1\",\"severity\":\"critical\",\"note\":\"CVE-2026-48939, 3.x-Linie 3.2.1-3.9.14: dieselbe Zugriffsl\\u00fccke im Event-Formular (task=submit.submit, keine Rechtepr\\u00fcfung, anonymer Datei-Upload). In 3.9.15 (Security-Backport f\\u00fcr Joomla 3) behoben. Dringend auf 3.9.15 aktualisieren. HTProtects Dateischild verhindert die Ausf\\u00fchrung bereits. (Voller RCE v. a. auf Joomla 6.)\",\"note_en\":\"CVE-2026-48939, 3.x line 3.2.1-3.9.14: same access-control flaw in the event form (task=submit.submit, no permission check, anonymous file upload). Fixed in 3.9.15 (security backport for Joomla 3). Update to 3.9.15 urgently. The HTProtect file shield already prevents execution. (Full RCE mainly on Joomla 6.)\",\"advisory\":\"https:\\/\\/website-bereinigung.de\\/blog\\/icagenda-sicherheitsluecke-joomla\",\"advisory_en\":\"https:\\/\\/website-bereinigung.de\\/en\\/blog\\/icagenda-sicherheitsluecke-joomla\"},{\"element\":\"com_sppagebuilder\",\"type\":\"component\",\"folder\":\"\",\"name\":\"SP Page Builder\",\"below\":\"6.6.2\",\"above\":\"6.0.0\",\"severity\":\"critical\",\"note\":\"Zero-Day (RCE) bis 6.6.1: der asset-Controller (task=asset.uploadCustomIcon) hatte keine Zugriffs-\\/Login-\\/Token-Pr\\u00fcfung - jeder konnte ohne Login eine beliebige Datei hochladen und ausf\\u00fchren (Remote Code Execution). Wurde aktiv ausgenutzt. Dringend auf 6.6.2 aktualisieren. (HTProtects Mini-WAF blockt den unauthentifizierten Aufruf, das Dateischild verhindert zus\\u00e4tzlich die Ausf\\u00fchrung einer hoc\",\"note_en\":\"Zero-day (RCE) up to 6.6.1: the asset controller (task=asset.uploadCustomIcon) had no access\\/login\\/token check - anyone could upload and execute an arbitrary file without logging in (remote code execution). Actively exploited. Update to 6.6.2 urgently. (HTProtect mini-WAF blocks the unauthenticated call, and the file shield additionally prevents an uploaded PHP shell from executing.)\",\"advisory\":\"https:\\/\\/website-bereinigung.de\\/blog\\/sp-page-builder-sicherheitsluecke-joomla\",\"advisory_en\":\"https:\\/\\/website-bereinigung.de\\/en\\/blog\\/sp-page-builder-sicherheitsluecke-joomla\"},{\"element\":\"com_pagebuilderck\",\"type\":\"component\",\"folder\":\"\",\"name\":\"PageBuilder CK\",\"below\":\"3.6\",\"above\":\"3.5.0\",\"severity\":\"critical\",\"note\":\"Kritische L\\u00fccke (RCE) bis 3.5.10: ein Front-End-Upload-Endpunkt (zum Hinzuf\\u00fcgen von Bildern) pr\\u00fcfte nur das CSRF-Token, aber keine Zugriffsrechte und keinen Dateityp - ein nicht eingeloggter Angreifer konnte eine beliebige Datei (z. B. PHP-Shell) in einen frei w\\u00e4hlbaren Ordner hochladen und ausf\\u00fchren (Remote Code Execution). Dringend auf 3.6.0 aktualisieren. (HTProtects generischer Upload-Sch\",\"note_en\":\"Critical flaw (RCE) up to 3.5.10: a front-end upload endpoint (for adding images) only verified the CSRF token but no access rights and no file type - an unauthenticated attacker could upload an arbitrary file (e.g. a PHP shell) into a freely chosen folder and execute it (remote code execution). Update to 3.6.0 urgently. (The HTProtect generic upload protection already blocks the unauthenticated u\",\"advisory\":\"\",\"advisory_en\":\"\"},{\"element\":\"com_pagebuilderck\",\"type\":\"component\",\"folder\":\"\",\"name\":\"PageBuilder CK\",\"below\":\"3.4.10\",\"above\":\"3.2.0\",\"severity\":\"critical\",\"note\":\"Kritische L\\u00fccke (RCE) in der Joomla-4-Linie unter 3.4.10: unauthentifizierter Datei-Upload \\u00fcber einen Front-End-Endpunkt (nur CSRF-Token, keine Zugriffs-\\/Typpr\\u00fcfung) - beliebige Datei in frei w\\u00e4hlbaren Ordner hochladbar und ausf\\u00fchrbar. In 3.4.10 (Backport) behoben. Dringend aktualisieren. (HTProtects generischer Upload-Schutz blockt den unauthentifizierten Upload bereits; das Dateischild verh\",\"note_en\":\"Critical flaw (RCE) in the Joomla 4 line below 3.4.10: unauthenticated file upload via a front-end endpoint (CSRF token only, no access\\/type check) - arbitrary file uploadable into a freely chosen folder and executable. Fixed in 3.4.10 (backport). Update urgently. (The HTProtect generic upload protection already blocks the unauthenticated upload; the file shield additionally prevents execution.)\",\"advisory\":\"\",\"advisory_en\":\"\"},{\"element\":\"com_pagebuilderck\",\"type\":\"component\",\"folder\":\"\",\"name\":\"PageBuilder CK\",\"below\":\"3.1.1\",\"above\":\"\",\"severity\":\"critical\",\"note\":\"Kritische L\\u00fccke (RCE) in der Joomla-3-Linie unter 3.1.1: unauthentifizierter Datei-Upload \\u00fcber einen Front-End-Endpunkt (nur CSRF-Token, keine Zugriffs-\\/Typpr\\u00fcfung) - beliebige Datei in frei w\\u00e4hlbaren Ordner hochladbar und ausf\\u00fchrbar. In 3.1.1 (Backport f\\u00fcr Joomla 3) behoben. Dringend aktualisieren. (HTProtects generischer Upload-Schutz blockt den unauthentifizierten Upload bereits; das Date\",\"note_en\":\"Critical flaw (RCE) in the Joomla 3 line below 3.1.1: unauthenticated file upload via a front-end endpoint (CSRF token only, no access\\/type check) - arbitrary file uploadable into a freely chosen folder and executable. Fixed in 3.1.1 (backport for Joomla 3). Update urgently. (The HTProtect generic upload protection already blocks the unauthenticated upload; the file shield additionally prevents ex\",\"advisory\":\"\",\"advisory_en\":\"\"}],\"php_min\":\"8.1\",\"fetched\":\"2026-07-18 14:16:18\",\"fetched_ts\":1784395050,\"etag\":\"\\\"6a5b86da-16d01\\\"\",\"modified\":\"Sat, 18 Jul 2026 13:59:54 GMT\",\"joomla_latest\":{\"3\":\"3.10.12\",\"4\":\"4.4.14\",\"5\":\"5.4.7\",\"6\":\"6.1.2\"},\"joomla_latest_ts\":1784373797,\"joomla_latest_try\":1784373797},\"htp_malware\":{\"schema\":1,\"version\":\"2026-07-18.be7d2a\",\"sigs\":[{\"id\":\"backdoor-prepend-sshkey\",\"all\":[\"auto_prepend_file\",\"authorized_keys\"]},{\"id\":\"cred-stealer-ctfaudit\",\"any\":[\"x-ctf-audit\",\"jlib_audit_gid\"]},{\"id\":\"upload-shell-form\",\"all\":[\"move_uploaded_file\",\"check directory permissions\"]},{\"id\":\"sppb-iconfont-shell\",\"any\":[\"sppbwhoami\"]},{\"id\":\"remote-eval-loader\",\"all\":[\"eval(\\\"?>\\\"\"],\"any\":[\"fetchcontentfromurl\",\"file_get_contents(\\\"http\",\"file_get_contents(\'http\"]},{\"id\":\"seo-doorway-slot\",\"any\":[\"slot gacor\",\"situs slot gacor\"]},{\"id\":\"filemanager-backdoor-data\",\"all\":[\"<?php exit;?>{\",\"\\\"groupinfo\\\"\",\"\\\"sizemax\\\"\"]},{\"id\":\"encrypted-eval-openssl\",\"all\":[\"openssl_raw_data\",\"aes-256-cbc\"],\"not\":[\"openssl_decrypt\",\"openssl_encrypt\"]},{\"id\":\"0xnix-split-encrypted\",\"all\":[\"0xnix encrypted code\"]},{\"id\":\"upload-shell-devco1\",\"all\":[\"move_uploaded_file\",\"devco1\"]},{\"id\":\"upload-shell-uname-form\",\"all\":[\"move_uploaded_file\",\"php_uname\",\"multipart\\/form-data\"]},{\"id\":\"hacktool-adminer\",\"all\":[\"adminer_errors\",\"idf_unescape\"]},{\"id\":\"webshell-range-obfuscator\",\"all\":[\"\\\"r\\\".\\\"a\\\".\\\"n\\\".\\\"g\\\".\\\"e\\\"\",\"eval\"]},{\"id\":\"webshell-md5quad-gate\",\"all\":[\"md5(md5(md5(md5(\",\"eval\"]},{\"id\":\"remote-loader-stream-include\",\"any\":[\"include stream_get_meta_data\",\"require stream_get_meta_data\",\"include(stream_get_meta_data\",\"require(stream_get_meta_data\"]},{\"id\":\"webshell-dual-uploader\",\"all\":[\"remote_url\",\"name=\\\"_upl\\\"\",\"name=\\\"_remote\\\"\"]},{\"id\":\"webshell-comment-obfuscator\",\"all\":[\"-*\\/\\/\\/\",\"\\\"~\\\"\"]},{\"id\":\"eval-openssl-shell\",\"label\":\"eval(openssl_decrypt) webshell\",\"all\":[\"eval(openssl_decrypt(\"]},{\"id\":\"dropper-drivergenius-c2\",\"label\":\"Remote-fetch dropper (drivergenius C2)\",\"all\":[\"drivergenius.it.com\"]},{\"id\":\"dropper-backdate-disguise\",\"label\":\"Remote-fetch dropper (mtime-forge + disguise)\",\"all\":[\"getreferencefiletime\",\"generatefilename\"]},{\"id\":\"js-inject-fake-cleaned\",\"label\":\"JS injection w\\/ fake \\\"cleaned\\/safe\\\" comment\",\"all\":[\"artifacts of previous malicious infection\",\"dangerous code has been removed\"]},{\"id\":\"linkforge-seo-injector\",\"label\":\"LinkForge SEO backlink injector\",\"all\":[\"linkforge.cc\"]},{\"id\":\"seo-doorway-cloak\",\"label\":\"SEO cloaking doorway (Thai gambling, fake sitemap)\",\"all\":[\"output_sitemap_page\",\"is_from_google\",\"send_404_and_exit\"]},{\"id\":\"helix-ultimate-xss\",\"label\":\"Helix Ultimate mega-menu XSS campaign\",\"any\":[\"xss.report\",\"_hu_inject\",\"_huinject\",\"sessionstorage._hxd\"]},{\"id\":\"gsocket-c2\",\"label\":\"gsocket reverse-shell C2 marker\",\"any\":[\"gs_args\"]},{\"id\":\"cloak-engine-thiscitze\",\"label\":\"thiscitze SEO cloaking engine\",\"all\":[\"thiscitze\"]}],\"names\":[{\"id\":\"probe-d1337\",\"m\":[\"_d1337_\"],\"label\":\"d1337 write-access probe \\/ dropper marker\"}],\"scan_ext\":[],\"ack\":[\"6608daed700e0afc330788b2a272ca8d\",\"67b5f9a00c7aabf34261c715aeeaadba\",\"9812b693256a0c306cc53368559c7a4b\",\"ec96a3bed6681af996fd37f0818cba6b\",\"abfe3b7513994ae6ac2f33129b5f6e7b\",\"fb2e76c5ebafc2b8ea82e0d35d45fa02\",\"2ec54ce00420cd41dfae5abedc9edcb7\",\"02c1a767857c55d31cae7277bc43bac2\",\"573a5e7374be2925911b552d485a28f3\",\"cdf24443c39d943f8750d4a4420e6581\",\"99af93b919c5b6bc14a82382c39010ec\",\"55e704bb88a8f9ab0d756976c527516b\",\"981b4f5e07bf9cd1249d60d659e4ef93\",\"87d978102ed075a8e58074a0d3595c30\",\"85648deb8324a11400ecaebcfd04ae16\",\"323707d28051b4cbf161420f5f1bb499\",\"19104a261abbdffe7cd1713949b286cf\",\"a72013015988ad7d978ce9841a9668dd\",\"a8af9b93d27c774601e1d8a902145bd7\",\"82c8de717e67a620ca503a1a01a7d909\",\"a8192a3cf6279862054cb3092dad82bf\",\"eae8beb708347cfe54bf87506b572f41\",\"5db6f4cdd20dfee86e05110a2276d748\",\"872e97edc1d4247d2ed86d35f468ff88\",\"da9c67c9b7be2d5a7eb9113d76119abc\",\"d0c5a881e845f93a72e1450259de0d33\",\"ea531694f501221b61a324d3754da603\",\"b8333a512d949684c91c9dd907f9cb0c\",\"2c57aea21d161fe5761ffab0abff8228\",\"93117860cd06939707a4ff1797bebb40\",\"7f58961ebcc0db81b16c2d16072fb084\",\"760423f79cedc17e78df95505e93f0c7\"],\"community\":0,\"fp\":[{\"all\":[\"easycalccheckplus\"],\"only\":[\"rce\"],\"id\":\"ecc-plus-doc-rce\"},{\"all\":[\"phpoffice\\\\phpspreadsheet\"],\"only\":[\"mixedcase\",\"wrapper\"],\"id\":\"phpspreadsheet-lib\"},{\"any\":[\"cp_errordocument\",\"status-reason\"],\"not\":[\"<!--#exec\",\"<?\"],\"only\":[\"shtml\"],\"id\":\"plesk-error-shtml\"},{\"all\":[\"gumlet\",\"data:\\/\\/application\\/octet-stream\"],\"only\":[\"wrapper\"],\"id\":\"gumlet-imageresize-datawrapper\"},{\"all\":[\"data:\\/\\/image\",\"exif_read_data\"],\"only\":[\"wrapper\"],\"id\":\"exif-data-wrapper\"},{\"all\":[\"phpoffice\\\\phpword\"],\"only\":[\"mixedcase\",\"wrapper\"],\"id\":\"phpword-lib\"},{\"all\":[\"box\\\\spout\"],\"only\":[\"mixedcase\",\"wrapper\"],\"id\":\"box-spout-lib\"},{\"all\":[\"sarciszewski\\\\phpfuture\"],\"only\":[\"wrapper\"],\"id\":\"php-future-lib\"},{\"all\":[\"baformsmodelform\"],\"only\":[\"feed:upload-shell-uname-form\"],\"id\":\"fp-baforms-model\"},{\"all\":[\"quixnxt\"],\"only\":[\"goto\"],\"id\":\"fp-quix-goto\"},{\"all\":[\"varexporter\"],\"only\":[\"goto\"],\"id\":\"fp-symfony-varexporter-goto\"},{\"all\":[\"valorapps.com\"],\"only\":[\"idxbuild\"],\"id\":\"fp-easyfolderlisting-changelog\"},{\"all\":[\"matomo.org\"],\"only\":[\"rce\"],\"id\":\"fp-matomo-rce\"},{\"all\":[\"namespace tracy\"],\"only\":[\"phtml\"],\"id\":\"fp-tracy-phtml\"}],\"seo\":{\"weights\":[],\"keywords\":[],\"sigs\":[]},\"recall\":[],\"fetched\":\"2026-07-18 19:09:52\",\"fetched_ts\":1784401792,\"etag\":\"\\\"6a5bc757-a6eb\\\"\",\"modified\":\"Sat, 18 Jul 2026 18:35:03 GMT\"},\"htp_incidents\":{\"ext:helix3|vulnerable\":1784113092,\"ext:com_jce|vulnerable\":1784113092}}'
WHERE `type` = 'component' AND `element` = 'com_htprotect'