Product
A critical unrestricted file upload vulnerability, CVE-2026-48908, in JoomShaper SP Page Builder allows unauthenticated attackers to upload arbitrary files of dangerous types, specifically PHP code, which can be executed on the server to achieve remote code execution and full system compromise.