Rsjoomla Com Rsfiles Extension For Joomla
Monthly
Unauthenticated arbitrary file upload in the RSFiles download-manager extension for Joomla (by RSJoomla) lets remote attackers upload executable files (e.g. PHP web shells) and achieve full remote code execution on the hosting server. The CVSS 4.0 threat metrics flag exploitation as active (E:A) and automatable (AU:Y), and NVD/ADP assigns maximum urgency, but no CISA KEV listing was provided in this data. A vendor product page and a third-party technical writeup are referenced; standalone public exploit code was not confirmed in the supplied sources.
Unauthenticated arbitrary file upload in the RSFiles download-manager extension for Joomla (by RSJoomla) lets remote attackers upload executable files (e.g. PHP web shells) and achieve full remote code execution on the hosting server. The CVSS 4.0 threat metrics flag exploitation as active (E:A) and automatable (AU:Y), and NVD/ADP assigns maximum urgency, but no CISA KEV listing was provided in this data. A vendor product page and a third-party technical writeup are referenced; standalone public exploit code was not confirmed in the supplied sources.