CVE-2026-57828

Summary

The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that allows registered users uploading executable files and leads to full RCE.

Affected Software

VendorProductVersion RangeStatus
phoca.czphoca.cz Phoca Download extension for Joomla1.0-6.1.2affected

Weaknesses

  • CWE-434: CWE-434: Unrestricted Upload of File with Dangerous Type

References