Joomla sites running extensions with the Novarain/Tassos Framework face serious risks from newly disclosed vulnerabilities. Independent researcher p1r0x, via SSD Secure Disclosure, uncovered flaws that allow SQL injection and unauthenticated file reads. Attackers can chain these issues for administrator takeover and remote code execution on unpatched systems. Affected extensions include Convert Forms, EngageBox, Google Structured […] The post Critical Joomla Novarain/Tassos Framework Flaws Enable SQL Injection and Unauthenticated File Read appeared first on Cyber Security News.