The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that allows registered users uploading executable files and leads to full RCE.
References
| Link | Resource |
|---|---|
| https://mysites.guru/blog/phoca-download-authenticated-file-upload-rce/ | Exploit Third Party Advisory |
| https://www.phoca.cz/phocadownload | Product |
Configurations
History
14 Jul 2026, 18:31
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://mysites.guru/blog/phoca-download-authenticated-file-upload-rce/ - Exploit, Third Party Advisory | |
| References | () https://www.phoca.cz/phocadownload - Product | |
| First Time |
Phoca download
Phoca |
|
| CPE | cpe:2.3:a:phoca:download:*:*:*:*:*:joomla\!:*:* | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
11 Jul 2026, 10:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-07-11 10:16
Updated : 2026-07-14 18:31
NVD link : CVE-2026-57828
Mitre link : CVE-2026-57828
CVE.ORG link : CVE-2026-57828
JSON object : View
Products Affected
phoca
- download
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type
