Skip to main content

Phoca Cz Phoca Download Extension For Joomla

1 CVEs product

Monthly

CVE-2026-57828 CRITICAL Act Now

Arbitrary file upload in the Phoca Download extension for Joomla lets any authenticated registered user upload executable files (e.g. PHP) that the server will run, yielding full remote code execution. The flaw is scored 9.0 (CVSS 4.0) and is exploitable over the network by low-privilege accounts, so any site permitting self-registration is directly at risk. A public technical write-up describing the RCE technique exists, though no active exploitation has been confirmed by CISA KEV.

File Upload Phoca Cz Phoca Download Extension For Joomla
NVD VulDB
CVSS 4.0
9.0
EPSS
0.3%
EPSS 0% CVSS 9.0
CRITICAL Act Now

Arbitrary file upload in the Phoca Download extension for Joomla lets any authenticated registered user upload executable files (e.g. PHP) that the server will run, yielding full remote code execution. The flaw is scored 9.0 (CVSS 4.0) and is exploitable over the network by low-privilege accounts, so any site permitting self-registration is directly at risk. A public technical write-up describing the RCE technique exists, though no active exploitation has been confirmed by CISA KEV.

File Upload Phoca Cz Phoca Download Extension For Joomla
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy