Joomla Tassos Framework Flaws Enable SQLi and File Attacks

Joomla sites using Novarain/Tassos Framework face critical vulnerabilities allowing unauthenticated file read, deletion, and SQL injection. These lead to admin takeover and RCE via chained exploits. The flaws hit plg_system_nrframework plugin and bundled extensions like Convert Forms and EngageBox. Independent researcher p1r0x discovered the issues through source code review. The AJAX handler processes task=include without […]

The post Joomla Tassos Framework Flaws Enable SQLi and File Attacks appeared first on VPN Central.