@hackingteamprohackers: 🚨 CVE-2026-48907 — JoomlaSniper v1.0 released Unauthenticated RCE in Joomla JCE Editor (≤2.9.99.4) CVSS 10.0 • Affects ALL production versions File upload → PHP execution in /tmp/ — no auth required 🔗 http://github.com/ynsmroztas/JoomlaSniper Tool features: ✅ Dual vector (tmp/ + JCE browser) ✅ Interactive shell ✅ Zero dependencies (stdlib only) ✅ Pipeline: subfinder | httpx | JoomlaSniper ✅ Multi-function fallback (shell_exec → system → passthru) ✅ Auto store code detection Fixed in JCE 2.9.99.5 Quick test: python3 http://JoomlaSniper.py -u http://target.com --shell Subdomain tarama: subfinder -d http://target.com | httpx -silent | python3 http://JoomlaSniper.py #BugBounty #InfoSec #RedTeam #AppSec #bugbountytip

Hacking Team

Open In TikTok:

Region: ES

Monday 15 June 2026 04:37:00 GMT