{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreiebarr3s7rlsm6k5sh3lo7pc4zhmu4kw6ell2fya2elkc2v54w2ai",
    "uri": "at://did:plc:6wtxqaikjf62unmnajbfbq5v/app.bsky.feed.post/3mfdgupvjcdp2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreifjaz7a6b65puapyxq7ugl5uodu77u5mcpbndpm4ls3gkoytedewu"
    },
    "mimeType": "image/jpeg",
    "size": 75762
  },
  "path": "/joomla-tassos-framework-flaws-enable-sqli-and-file-attacks/",
  "publishedAt": "2026-02-20T18:26:03.000Z",
  "site": "https://vpncentral.com",
  "tags": [
    "News",
    "Joomla Tassos Framework Flaws Enable SQLi and File Attacks",
    "VPN Central"
  ],
  "textContent": "Joomla sites using Novarain/Tassos Framework face critical vulnerabilities allowing unauthenticated file read, deletion, and SQL injection. These lead to admin takeover and RCE via chained exploits. The flaws hit plg_system_nrframework plugin and bundled extensions like Convert Forms and EngageBox. Independent researcher p1r0x discovered the issues through source code review. The AJAX handler processes task=include without […]\n\nThe post Joomla Tassos Framework Flaws Enable SQLi and File Attacks appeared first on VPN Central.",
  "title": "Joomla Tassos Framework Flaws Enable SQLi and File Attacks"
}