CVE-2021-40188

PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not filter all PHP extensions such as ".php, .php7, .phtml, .php5, ...". An attacker can upload a malicious file and execute code on the server.
References
Link Resource
https://github.com/PHPFusion/PHPFusion/issues/2372 Exploit Issue Tracking Third Party Advisory
https://github.com/PHPFusion/PHPFusion/issues/2372 Exploit Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:php-fusion:phpfusion:9.03.110:*:*:*:*:*:*:*

History

21 Nov 2024, 06:23

Type Values Removed Values Added
References () https://github.com/PHPFusion/PHPFusion/issues/2372 - Exploit, Issue Tracking, Third Party Advisory () https://github.com/PHPFusion/PHPFusion/issues/2372 - Exploit, Issue Tracking, Third Party Advisory

18 Oct 2021, 18:21

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 6.5
v3 : 7.2
References (MISC) https://github.com/PHPFusion/PHPFusion/issues/2372 - (MISC) https://github.com/PHPFusion/PHPFusion/issues/2372 - Exploit, Issue Tracking, Third Party Advisory
CPE cpe:2.3:a:php-fusion:phpfusion:9.03.110:*:*:*:*:*:*:*
CWE CWE-434

11 Oct 2021, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-10-11 19:15

Updated : 2024-11-21 06:23


NVD link : CVE-2021-40188

Mitre link : CVE-2021-40188

CVE.ORG link : CVE-2021-40188


JSON object : View

Products Affected

php-fusion

  • phpfusion
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type