Vulnerability Details CVE-2026-57828
The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that allows registered users uploading executable files and leads to full RCE.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 17.0%
CVSS Severity
CVSS v3 Score 8.8
Products affected by CVE-2026-57828
-
cpe:2.3:a:phoca:download:*