Arbitrary file upload in Phoca.cz Phoca Download Extension For Joomla

CVE-2026-57828

The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that allows registered users uploading executable files and leads to full RCE.

Vulnerability class: Unrestricted File Upload

Affected products

Weakness classification (CWE)

References