Skip to main content

RSFiles EUVDEUVD-2026-43168

| CVE-2026-57827 CRITICAL
Unrestricted Upload of File with Dangerous Type (CWE-434)
2026-07-11 Joomla GHSA-7q98-wg4p-5v7g
10.0
CVSS 4.0 · Vendor: Joomla
Share

Severity by source

Vendor (Joomla) PRIMARY
10.0 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:Red
vuln.today AI
10.0 CRITICAL

Unauthenticated network file upload yielding code execution beyond the Joomla component onto the host justifies AV:N/AC:L/PR:N/UI:N with S:C and full C/I/A impact.

3.1 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (Joomla).

CVSS VectorVendor: Joomla

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:A/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:Red
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jul 11, 2026 - 10:17 vuln.today
CVE Published
Jul 11, 2026 - 09:29 cve.org
CRITICAL 10.0

DescriptionCVE.org

The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.

AnalysisAI

Unauthenticated arbitrary file upload in the RSFiles download-manager extension for Joomla (by RSJoomla) lets remote attackers upload executable files (e.g. PHP web shells) and achieve full remote code execution on the hosting server. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Locate Joomla site running RSFiles
Delivery
Craft malicious PHP payload
Exploit
Bypass upload type validation
Execution
Write web shell to web root
Persist
Request shell URL, execute code
Impact
Full server compromise

Vulnerability AssessmentAI

Exploitation The RSFiles (Joomla Download Manager) extension must be installed and enabled on a reachable Joomla site, with its file-upload endpoint accessible over the network. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment This is a genuine top-priority issue, not an inflated high-CVSS score. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A remote attacker with no credentials sends an HTTP request to the RSFiles upload functionality, submitting a PHP web shell disguised or unfiltered past the extension's weak file-type checks. The file lands in a web-accessible directory; the attacker then requests its URL to execute commands as the web server user, achieving full server compromise. …
Remediation No vendor-released patch version was identified at time of analysis, and the supplied CPE gives no fixed version, so administrators should immediately check RSJoomla (https://www.rsjoomla.com/joomla-extensions/joomla-download-manager.html) for an updated RSFiles release and apply the latest version as the primary fix. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all Joomla installations using RSFiles extension; document affected systems and data criticality. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-43168 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy