The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload that allows registered users uploading executable files and leads to full RCE.CreditsPhil TaylorReferenceshttps://www.phoca.cz/phocadownloadhttps://mysites.guru/blog/phoca-download-authenticated-file-upload-rce/