๐Ÿ” CVE Alert

CVE-2026-57828

UNKNOWN 0.0

Joomla Extension - phoca.cz - Authenticated file upload in RSFiles component < 6.1.3

CVSS Score
0.0
EPSS Score
0.3%
EPSS Percentile
17th

The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that allows registered users uploading executable files and leads to full RCE.

CWE CWE-434
Vendor phoca.cz
Product phoca.cz phoca download extension for joomla
Published Jul 11, 2026
Last Updated Jul 15, 2026
Stay Ahead of the Next One

Get instant alerts for phoca.cz phoca.cz phoca download extension for joomla

Be the first to know when new unknown vulnerabilities affecting phoca.cz phoca.cz phoca download extension for joomla are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

phoca.cz / phoca.cz Phoca Download extension for Joomla
1.0-6.1.2

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
phoca.cz: https://www.phoca.cz/phocadownload mysites.guru: https://mysites.guru/blog/phoca-download-authenticated-file-upload-rce/

Credits

Phil Taylor