CVE-2026-56290

JoomlaCK.fr · Page Builder CK

The Page Builder CK extension for Joomla is vulnerable to an unauthenticated arbitrary file upload, enabling attackers to execute malicious code on the server.

Executive summary

An unauthenticated arbitrary file upload vulnerability in the Page Builder CK extension for Joomla poses a critical risk of full remote code execution.

Vulnerability

The extension fails to properly validate file uploads, allowing an unauthenticated attacker to upload executable files to the server. This leads to full remote code execution (RCE) with the privileges of the web server user.

Business impact

With a CVSS score of 10.0, this vulnerability represents the highest level of risk, as it allows complete compromise of the affected Joomla instance. Successful exploitation can lead to total loss of confidentiality, integrity, and availability, including unauthorized access to the underlying database and potential pivot points into the broader network.

Remediation

Immediate Action: Update the Page Builder CK extension to the latest version available from the vendor.

Proactive Monitoring: Inspect the web server's upload directories for unauthorized files and monitor for suspicious outbound network traffic originating from the web server.

Compensating Controls: Implement a Web Application Firewall (WAF) rule to block unauthorized file uploads and restrict access to administrative or sensitive upload-handling endpoints.
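The upload-directory inspection described under Proactive Monitoring can be scripted. The following is an added example, not code from this advisory or from the vendor. The advisory does not name the extension's upload path, so the directory to scan is a parameter; the extension list, the handler-override file names and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile
from pathlib import Path

# Assumptions: extensions your PHP handler may execute, and per-directory override files.
EXEC_EXT = {".php", ".php3", ".php4", ".php5", ".php7", ".phtml", ".pht", ".phar"}
HANDLER_FILES = {".htaccess", ".user.ini"}
PHP_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)

def scan_upload_dir(root, max_bytes=8 * 1024 * 1024):
    """Return sorted (relative_path, reason) pairs; only the first max_bytes of a file are read."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            lower = name.lower()
            inner_exts = {"." + part for part in lower.split(".")[1:]}
            if lower in HANDLER_FILES:
                findings.append((rel, "handler-override file"))
            elif os.path.splitext(lower)[1] in EXEC_EXT:
                findings.append((rel, "executable extension"))
            elif inner_exts & EXEC_EXT:
                findings.append((rel, "executable extension before final extension"))
            else:
                try:
                    with open(path, "rb") as fh:
                        if PHP_TAG.search(fh.read(max_bytes)):
                            findings.append((rel, "PHP open tag in non-PHP file"))
                except OSError:
                    findings.append((rel, "unreadable"))
    return sorted(findings)

def demo():
    """Scan a constructed upload tree (sample files are made up for this example)."""
    samples = {
        "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
        "banner.jpg": b"\xff\xd8\xff\xe0JFIF<?php /* constructed marker */ ?>",
        "cache/x.php": b"<?php /* constructed marker */ ?>",
        "doc.phtml.txt": b"plain text",
        ".htaccess": b"# constructed\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return scan_upload_dir(root)
```

Point `scan_upload_dir` at each web-writable directory of the Joomla installation and review every finding against a known-good copy of the site, since some legitimate extensions ship their own `.htaccess` files.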

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

Given the critical nature of this RCE vulnerability and the fact that no authentication is required, immediate patching is mandatory. Organizations should treat this as a top-priority task to prevent potential server takeover and data exfiltration.