Main menu

Forum


× Help Forum English

CVE-2026-48939

  • Sinna
  • Topic Author
  • New Member
  • New Member
More
11 hours 4 minutes ago #19091 by Sinna
CVE-2026-48939 was created by Sinna
After reading  CISA Adds Two Known Exploited Vulnerabilities to Catalog , I wanted to upgrade an ancient version if iCagenda (3.6.6 Pro) to iCagenda 3.9.15. I however only can find the free version, but upgrading the current pro version to a free version results in an 0 - Call to a member function get() on bool crash taking the whole website down. This behavior is described in forum.joomlic.com/icagenda-help-en/3645-...event-list-mod#15064
Based on /administrator/index.php?option=com_icagenda&view=liveupdate, 3.6.6 is the latest version. I've checked the Update Sites URL for JoomliC PRO Update Server - pro.joomlic.com/icupdate/modules/updates.xml, but that URL is automatically redirected to www.joomlic.com/.

I do realize that running iCagenda 3.6.6 Pro on a Joomla! 3.10.12-website is no longer considered safe, but waiting for a new website, I should be able to keep this one up-and-running.

So my question is: is there an upgrade path from 3.6.6 Pro to 3.9.15 Pro available?
If not, how can I safely upgrade to 3.9.15 free without facing the 0 - Call to a member function get() on bool bug?

Thanks in advance,
Kris

Computer[h|z]ero

Please Log in or Create an account to join the conversation.

  • Lyr!C
  • Lyr!C's Avatar
  • Administrator
  • Administrator
  • Lead Developer
More
6 hours 41 minutes ago - 6 hours 40 minutes ago #19092 by Lyr!C
Replied by Lyr!C on topic CVE-2026-48939
Hello Kris,

First, your iCagenda installation on your Joomla 3 is "safe": it has no critical security issue (but your Joomla 3 installation is maybe not so safe as end of life...).

Only Joomla 6 from 6.0.0 to 6.1.1 has a critical security issue on attachment uploads (this is fixed in Joomla 6.1.2).

That means iCagenda running on all older versions prior to Joomla 6 (and all J6 version since 6.1.2) don't have a critical vulnerability.

The only common issue is the possibility to submit a not-approved event in quest access. The result is "fake" event added to the list of events, not visible on public frontend, but in admin, and with no possibility to exploit it.
So, more annoying than anything.

About your pro version, the version 3.6.6 is really old. If you don't have anymore an active pro subscription, so you can't update to pro.
If you want to install the free version over a pro version, then you will have first to remove the pro module (iC Event List) and the pro plugins, as it's using old code from 3.6.6 (December 2016... 10 years ago) may not run with component code from 2026...
This is like installing a core component of Joomla 6 on a Joomla 3 site, it will crash.

Another solution, if you want to keep the pro feature of iCagenda Pro, is to renew your subscription... ;-)

Best regards,
Cyril

Latest version : iCagenda 4.0.10
We recommend every user to keep iCagenda updated.
Don't forget to have your Joomla!™ up-to-date!

Do you like iCagenda?
I would appreciate if you could take 5 minutes to post a review on JED (Joomla Extensions Directory) .

File Attachment:

Last edit: 6 hours 40 minutes ago by Lyr!C.

Please Log in or Create an account to join the conversation.

Moderators: Lyr!C
Time to create page: 0.109 seconds

Follow Us

Create your Joomla templates with Template Creator CK

acymailing logo new