CVE-2026-57828
CRITICAL
9.0
CVSS 4.0
Description
The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that allows registered users uploading executable files and leads to full RCE.
Metadata
Severity & Metrics
9.0
CRITICAL CVSS 4.0
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| phoca.cz | phoca.cz Phoca Download extension for Joomla | — | 1.0-6.1.2 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-434 | cna | CWE-434: Unrestricted Upload of File with Dangerous Type |
CVSS scores (1)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 9.0 | CRITICAL | 4.0 | cna | CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |
References (2)