Arbitrary file upload in Rsjoomla.com Rsfiles Extension For Joomla
CVE-2026-57827
The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
Vulnerability class: Unrestricted File Upload
Affected products
- Rsjoomla.com Rsfiles Extension For Joomla — versions 1.0-1.17.11
Weakness classification (CWE)
References
- security@joomla.org (product)
- security@joomla.org (third-party-advisory)