CVE-2026-48909
UNKNOWN
NVD
CVSS Score
0
Severity
UNKNOWN
Published
Jun 20, 2026
Vendor
unknown
Description
SP LMS (com_splms) < 4.1.4 by JoomShaper deserializes user-controlled cookie data without validation, enabling an unauthenticated remote attacker to execute arbitrary code on the server.