An authenticated RCE vulnerability in Phoca Commander component 1.0.0-4.0.0 and 5.0.0-5.0.1 for Joomla was discovered. The issue allows code execution via the unzip feature.
CVSS
No CVSS.
References
| Link | Resource |
|---|---|
| https://phoca.cz/ |
Configurations
No configuration.
History
15 Apr 2026, 00:35
| Type | Values Removed | Values Added |
|---|---|---|
| Summary |
|
15 Aug 2025, 12:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-08-15 12:15
Updated : 2026-06-17 09:40
NVD link : CVE-2025-54473
Mitre link : CVE-2025-54473
CVE.ORG link : CVE-2025-54473
JSON object : View
Products Affected
No product.
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type
