PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not filter all PHP extensions such as ".php, .php7, .phtml, .php5, ...". An attacker can upload a malicious file and execute code on the server.
References
Link | Resource |
---|---|
https://github.com/PHPFusion/PHPFusion/issues/2372 | Exploit Issue Tracking Third Party Advisory |
https://github.com/PHPFusion/PHPFusion/issues/2372 | Exploit Issue Tracking Third Party Advisory |
Configurations
History
21 Nov 2024, 06:23
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/PHPFusion/PHPFusion/issues/2372 - Exploit, Issue Tracking, Third Party Advisory |
18 Oct 2021, 18:21
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 7.2 |
References | (MISC) https://github.com/PHPFusion/PHPFusion/issues/2372 - Exploit, Issue Tracking, Third Party Advisory | |
CPE | cpe:2.3:a:php-fusion:phpfusion:9.03.110:*:*:*:*:*:*:* | |
CWE | CWE-434 |
11 Oct 2021, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-10-11 19:15
Updated : 2024-11-21 06:23
NVD link : CVE-2021-40188
Mitre link : CVE-2021-40188
CVE.ORG link : CVE-2021-40188
JSON object : View
Products Affected
php-fusion
- phpfusion
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type