CVE-2021-47783
5.3
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Source: disclosure@vulncheck.com (Secondary)
Description
Phpwcms 1.9.30 contains a file upload vulnerability that allows authenticated attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG payloads through the multiple file upload feature to potentially execute cross-site scripting attacks on the platform.
Affected (1)
References (4)
Source: disclosure@vulncheck.com
Third Party Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Exploit, VDB Entry
Timeline (13)
2/9/2026, 5 changes
Initial Analysis - Reference Type
02:52 PM
- -
+ CISA-ADP: https://www.exploit-db.com/exploits/50363 Types: Exploit, VDB Entry
Initial Analysis - Reference Type
02:52 PM
- -
+ VulnCheck: https://www.vulncheck.com/advisories/phpwcms-arbitrary-file-upload Types: Third Party Advisory
Initial Analysis - Reference Type
02:52 PM
- -
+ VulnCheck: https://www.exploit-db.com/exploits/50363 Types: Exploit, VDB Entry
Initial Analysis - Reference Type
02:52 PM
- -
+ VulnCheck: http://www.phpwcms.org/ Types: Product
Initial Analysis - CPE Configuration
02:52 PM
- -
+ OR
*cpe:2.3:a:phpwcms:phpwcms:1.9.30:*:*:*:*:*:*:*
1/16/2026, 8 changes
CVE Modified - Reference
10:16 PM
- -
+ https://www.exploit-db.com/exploits/50363
New CVE Received - Reference
12:16 AM
- -
+ https://www.vulncheck.com/advisories/phpwcms-arbitrary-file-upload
New CVE Received - Reference
12:16 AM
- -
+ https://www.exploit-db.com/exploits/50363
New CVE Received - Reference
12:16 AM
- -
+ http://www.phpwcms.org/
New CVE Received - CWE
12:16 AM
- -
+ CWE-434
New CVE Received - CVSS V3.1
12:16 AM
- -
+ AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
New CVE Received - CVSS V4.0
12:16 AM
- -
+ AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
New CVE Received - Description
12:16 AM
- -
+ Phpwcms 1.9.30 contains a file upload vulnerability that allows authenticated attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG payloads through the multiple file upload feature to potentially execute cross-site scripting attacks on the platform.