exploitDog

CVE-2021-40188

Опубликовано: 11 окт. 2021

Источник: nvd

CVSS3: 7.2

CVSS2: 6.5

EPSS Низкий

Описание

PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not filter all PHP extensions such as ".php, .php7, .phtml, .php5, ...". An attacker can upload a malicious file and execute code on the server.

Ссылки

https://github.com/PHPFusion/PHPFusion/issues/2372
Exploit
Issue Tracking
Third Party Advisory
https://github.com/PHPFusion/PHPFusion/issues/2372
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:php-fusion:phpfusion:9.03.110:*:*:*:*:*:*:*

EPSS

Процентиль: 74%

0.00833

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434

Связанные уязвимости

GHSA-9mmf-c22v-7fqp

github

больше 3 лет назад

PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not filter all PHP extensions such as ".php, .php7, .phtml, .php5, ...". An attacker can upload a malicious file and execute code on the server.

EPSS

Процентиль: 74%

0.00833

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-434