Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE).
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/162852/PHPFusion-9.03.50-Remote-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
https://github.com/php-fusion/PHP-Fusion/issues/2312 | Exploit Third Party Advisory |
http://packetstormsecurity.com/files/162852/PHPFusion-9.03.50-Remote-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
https://github.com/php-fusion/PHP-Fusion/issues/2312 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 05:16
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/162852/PHPFusion-9.03.50-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry | |
References | () https://github.com/php-fusion/PHP-Fusion/issues/2312 - Exploit, Third Party Advisory |
01 Jun 2021, 17:17
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/162852/PHPFusion-9.03.50-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry |
28 May 2021, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-09-03 14:15
Updated : 2024-11-21 05:16
NVD link : CVE-2020-24949
Mitre link : CVE-2020-24949
CVE.ORG link : CVE-2020-24949
JSON object : View
Products Affected
php-fusion
- php-fusion
CWE