CVE-2026-57828

The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that allows registered users uploading executable files and leads to full RCE.
Configurations

Configuration 1 (hide)

cpe:2.3:a:phoca:download:*:*:*:*:*:joomla\!:*:*

History

14 Jul 2026, 18:31

Type Values Removed Values Added
References () https://mysites.guru/blog/phoca-download-authenticated-file-upload-rce/ - () https://mysites.guru/blog/phoca-download-authenticated-file-upload-rce/ - Exploit, Third Party Advisory
References () https://www.phoca.cz/phocadownload - () https://www.phoca.cz/phocadownload - Product
First Time Phoca download
Phoca
CPE cpe:2.3:a:phoca:download:*:*:*:*:*:joomla\!:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8

11 Jul 2026, 10:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-07-11 10:16

Updated : 2026-07-14 18:31


NVD link : CVE-2026-57828

Mitre link : CVE-2026-57828

CVE.ORG link : CVE-2026-57828


JSON object : View

Products Affected

phoca

  • download
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type