CVE-2025-54473
CVE-2025-54473 is an authenticated remote code execution flaw in Phoca Commander for Joomla, affecting versions 1.0.0–4.0.0 and 5.0.0–5.0.1. The issue arises from the unzip feature, enabling code execution after authentication. The CVSSv4 base score is 9.2 (CRITICAL) with high impact to confident...