CVE-2021-40188

Published: Oct 11, 2021Modified: Nov 21, 2024

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not filter all PHP extensions such as ".php, .php7, .phtml, .php5, ...". An attacker can upload a malicious file and execute code on the server.

Affected (1)

Products: Php Fusion: Phpfusion

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Php Fusion Phpfusion	Version 9.03.110

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://github.com/PHPFusion/PHPFusion/issues/2372

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://github.com/PHPFusion/PHPFusion/issues/2372

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

Timeline

No history available yet.