Description


PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in the admin panel does not filter all PHP extensions, such as ".php, .php7, .phtml, .php5, ...". An attacker can upload a malicious file and execute code on the server.

References


https://github.com/PHPFusion/PHPFusion/issues/2372

Exploit · Issue Tracking · Third Party Advisory

Weaknesses



CWE-434

CVSS impact metrics


CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 · High


Information


Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-10-11T19:15:07.547


Last modified

2021-10-18T18:21:43.177
