Mysites.Guru
Critical Unauthenticated File Upload Vulnerability in RSFiles! Fixed
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A severe unauthenticated file upload vulnerability was discovered in RSFiles! up to version 1.17.11, allowing attackers to upload malicious files, including .php scripts, to the public downloads directory. This flaw enables remote code execution without authentication, posing a significant risk to Joomla sites using RSFiles!. RSJoomla released a patch in version 1.17.12 on July 10, 2026, urging users to update immediately. The vulnerability was identified during a source code audit and has been privately disclosed, with a CVE request pending. Administrators are advised to check for unauthorized files and accounts post-update. The exploit is expected to be actively targeted following the public disclosure of the vulnerability.
Key Points: • RSFiles! versions up to 1.17.11 are vulnerable to unauthenticated file uploads. • Attackers can execute uploaded .php files, leading to remote code execution. • Immediate update to version 1.17.12 is critical to mitigate risks.