PT-2026-57426 · Phoca.Cz · Phoca.Cz Phoca Download Extension For Joomla

Phil Taylor

·

Published

2026-07-11

·

Updated

2026-07-11

·

CVE-2026-57828

CVSS v4.0

9.0

Critical

VectorAV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that allows registered users uploading executable files and leads to full RCE.

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-57828

Affected Products

Phoca.Cz Phoca Download Extension For Joomla