CVE-2026-39292NVD

Vulnerability Summary

Falco Solutions PHPPageBuilder v0.31.0 contains an unrestricted file upload vulnerability in the pagemanager/pagebuilder module that allows remote attackers to upload arbitrary files and achieve remote code execution. The vulnerability exists due to insufficient validation of uploaded file types and executable content.

Severity Level

HIGH(7.3)

Published Date

May 29, 2026

Last Modified

Jun 1, 2026

Exploitation Status

????

EPSS Score (30-Day)

0.30%Probability

Root Weakness (CWE)

CWE-434: Unrestricted File Upload ↗

The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityLow

IntegrityLow

AvailabilityLow

External References

https://github.com/HansSchouten/PHPageBuilder
https://github.com/krishnadevpmelevila/CVE-2026-39292/tree/main