A vulnerability described as critical has been identified in joomcoder JoomCCK Extension up to 6.4.0 . Affected is an unknown function. Such manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2026-49048 . The attack can be launched remotely. No exploit exists.