Since 2008, we are constantly providing the highest quality Joomla! extensions on the market.
Backed up by +150K happy customers we decided to offer frontend design solutions well known as Joomla! Templates in order to make the Web a better place.
Explore the power of our extensions the way our +150K Happy Customers did
Administrator Demo Frontend DemoHighly customizable responsive website templates packed with awesome features
Frontend Demo
A critical flaw in the RSFiles! upload function allows unauthenticated file uploads without enforcing any file extension.
What this means is that any attacker, without having an account on your website, can upload a .php file in your /downloads directory and execute it.
The bottom line is: update immediately to RSFiles! 1.17.12 which fixes this along some other not-reported, but less critical security issues.
Fortunately, at the time of writing, the vulnerability is not public information. It has been privately disclosed by the team at mySites.guru which we thank and recommend - they deliver fantastic services. However, as this is now disclosed, this will be exploited in the wild probably in a few hours after the new version has been released.
If you are using RSFirewall!, by default file uploads with a .php extension are silently deleted so you're protected.
Do not rely on firewalls to keep up with this - your immediate action should be to update RSFiles! to the latest release. If updating is not possible, delete /components/com_rsfiles/controllers/rsfiles.php. This will render RSFiles! unusable, but the file contains the affected code so you won't be vulnerable.
Celebrate Independence Day with exclusive RSJoomla! deals! Save big on our premium Joomla! extensions and templates and give your website the tools it deserves.
RSParma! is a brand-new Joomla! 4, 5 and 6 template from RSJoomla!, crafted for businesses, agencies, portfolios, and professional websites. Combining a modern design with flexible customization options and excellent performance, RSParma! makes it easy to build a website that stands out on any device.
10 Jul 2026 Version 1.17.12 Unauthenticated File Upload fixed in RSFiles! version 1.17.12 - update NOW! - read more details on our blog Fixed - A failed permissions check during the frontend file upload allows visitors to upload any type of file. This release...
09 Jul 2026 Version 3.3.13 Added - Protection against Helix Ultimate < 2.2.7 vulnerability. Added - Protection against Balbooa Forms < 2.4.1 vulnerability. Updated - Rewrote 'Login' and 'Forbidden' views into...
12 Jan 2026 Version 1.2.1 Fixed - Module front-end editing button was not displayed correctly. 17 Oct 2025 Version 1.2.0 Updated - Various Joomla! 6 compatibility improvements. 10 Jun 2025 Version 1.1.2 Updated - Social...