The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
The vulnerability results from insufficient access control (CWE-284) in the file upload mechanism of the Page Builder CK extension. An attacker without any authentication can send an HTTP request containing an executable file (e.g., PHP webshell) to the vulnerable endpoint. After successful upload, the file is saved in a location accessible by the web server, enabling its remote invocation and execution of arbitrary system commands.
The attacker gains full control over the server — can execute arbitrary system commands, read and modify data, and use the compromised server as a launching point for further attacks on the internal network.
Apply patches available from the vendor according to the references (https://www.joomlack.fr/). Until the update is implemented, it is recommended to disable or uninstall the Page Builder CK extension and restrict access to the Joomla service at the firewall level.
Page Builder CK extension for Joomla — versions indicated in the vendor references (https://www.joomlack.fr/)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:RedJoomlack Page Builder Ck
APPJoomlack≤ 3.6.0