PT-2026-57426 · Phoca.Cz · Phoca.Cz Phoca Download Extension For Joomla
Phil Taylor
·
Published
2026-07-11
·
Updated
2026-07-11
·
CVE-2026-57828
CVSS v4.0
9.0
Critical
| Vector | AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |
The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that allows registered users uploading executable files and leads to full RCE.
Fix
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Phoca.Cz Phoca Download Extension For Joomla