The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that attackers are exploiting vulnerabilities in the iCagenda and Balbooa Forms extensions for Joomla to achieve remote code execution through arbitrary file uploads.

CISA adds exploited iCagenda and Balbooa Forms flaws to KEV after reported zero-day attacks enabled PHP uploads and remote code execution on sites.

Hackers have been exploiting critical vulnerabilities in the Balbooa Forms and iCagenda Joomla extensions for code execution.