CRITICAL
phoca.cz
CVE published 2026-07-11
CVE-2026-57828
CVE-2026-57828 is an authenticated arbitrary file upload vulnerability in Joomla's Phoca Downloads extension. This vulnerability allows registered users to upload executable files, potentially leading to full remote code execution (RCE). The vulnerability has a CVSS score of 9 and is classified as CRITICAL. Administrators and users of Joomla's Phoca Downloads extension should be aware of this vulnerabilit [truncated]