Joomla com_mb24sysapi Module Unauthenticated RCE (CVE-2026-32968)
An unauthenticated remote attacker can exploit an OS command injection vulnerability (CVE-2026-32968) in the com_mb24sysapi module of Joomla, leading to remote code execution and full system compromise.
CVE-2026-32968 describes a critical remote code execution (RCE) vulnerability affecting the com_mb24sysapi module in Joomla. The vulnerability stems from improper neutralization of special elements within OS commands, allowing an unauthenticated remote attacker to inject arbitrary commands. Successful exploitation of this vulnerability can lead to complete compromise of the affected system. This vulnerability is identified as a variant of CVE-2020-10383, suggesting a similar underlying flaw…
Detection coverage 2
Detect Joomla com_mb24sysapi Command Injection Attempt
criticalDetects attempts to exploit command injection vulnerability in the Joomla com_mb24sysapi module by looking for suspicious parameters in HTTP requests.
Detect Joomla com_mb24sysapi POST Command Injection Attempt
criticalDetects attempts to exploit command injection vulnerability in the Joomla com_mb24sysapi module via POST requests by looking for suspicious parameters in HTTP requests.
Detection queries are kept inside the platform. Get full rules →
Indicators of compromise
1
2
url