Main menu

Forum


× Help Forum English

CVE-2026-48939

  • Sinna
  • Auteur du sujet
  • Nouveau membre
  • Nouveau membre
Plus d'informations
il y a 12 heures 40 minutes #19091 par Sinna
CVE-2026-48939 a été créé par Sinna
After reading  CISA Adds Two Known Exploited Vulnerabilities to Catalog , I wanted to upgrade an ancient version if iCagenda (3.6.6 Pro) to iCagenda 3.9.15. I however only can find the free version, but upgrading the current pro version to a free version results in an 0 - Call to a member function get() on bool crash taking the whole website down. This behavior is described in forum.joomlic.com/icagenda-help-en/3645-...event-list-mod#15064
Based on /administrator/index.php?option=com_icagenda&view=liveupdate, 3.6.6 is the latest version. I've checked the Update Sites URL for JoomliC PRO Update Server - pro.joomlic.com/icupdate/modules/updates.xml, but that URL is automatically redirected to www.joomlic.com/.

I do realize that running iCagenda 3.6.6 Pro on a Joomla! 3.10.12-website is no longer considered safe, but waiting for a new website, I should be able to keep this one up-and-running.

So my question is: is there an upgrade path from 3.6.6 Pro to 3.9.15 Pro available?
If not, how can I safely upgrade to 3.9.15 free without facing the 0 - Call to a member function get() on bool bug?

Thanks in advance,
Kris

Computer[h|z]ero

Connexion ou Créer un compte pour participer à la conversation.

  • Lyr!C
  • Portrait de Lyr!C
  • Administrateur
  • Administrateur
  • Lead Developer
Plus d'informations
il y a 8 heures 17 minutes - il y a 8 heures 16 minutes #19092 par Lyr!C
Réponse de Lyr!C sur le sujet CVE-2026-48939
Hello Kris,

First, your iCagenda installation on your Joomla 3 is "safe": it has no critical security issue (but your Joomla 3 installation is maybe not so safe as end of life...).

Only Joomla 6 from 6.0.0 to 6.1.1 has a critical security issue on attachment uploads (this is fixed in Joomla 6.1.2).

That means iCagenda running on all older versions prior to Joomla 6 (and all J6 version since 6.1.2) don't have a critical vulnerability.

The only common issue is the possibility to submit a not-approved event in quest access. The result is "fake" event added to the list of events, not visible on public frontend, but in admin, and with no possibility to exploit it.
So, more annoying than anything.

About your pro version, the version 3.6.6 is really old. If you don't have anymore an active pro subscription, so you can't update to pro.
If you want to install the free version over a pro version, then you will have first to remove the pro module (iC Event List) and the pro plugins, as it's using old code from 3.6.6 (December 2016... 10 years ago) may not run with component code from 2026...
This is like installing a core component of Joomla 6 on a Joomla 3 site, it will crash.

Another solution, if you want to keep the pro feature of iCagenda Pro, is to renew your subscription... ;-)

Best regards,
Cyril

Latest version : iCagenda 4.0.10
We recommend every user to keep iCagenda updated.
Don't forget to have your Joomla!™ up-to-date!

Do you like iCagenda?
I would appreciate if you could take 5 minutes to post a review on JED (Joomla Extensions Directory) .

Fichier attaché :

Dernière édition: il y a 8 heures 16 minutes par Lyr!C.

Connexion ou Créer un compte pour participer à la conversation.

Modérateurs: Lyr!C
Temps de génération de la page : 0.186 secondes

Follow Us

Créez vos templates Joomla avec Template Creator CK

acymailing logo new