exploitDog

CVE-2021-47753

Опубликовано: 15 янв. 2026

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

phpKF CMS 3.00 Beta y6 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary code by bypassing file extension checks. Attackers can upload a PHP file disguised as a PNG, rename it, and execute system commands through a crafted web shell parameter.

Ссылки

https://www.exploit-db.com/exploits/50610
Exploit
Third Party Advisory
https://www.phpkf.com/
Product
https://www.phpkf.com/indirme.php
Product
https://www.exploit-db.com/exploits/50610
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phpkf:cms:3.00:beta_y6:*:*:*:*:*:*

EPSS

Процентиль: 38%

0.0017

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-q6vq-8ww2-4v69

CVSS3: 9.8

github

23 дня назад

phpKF CMS 3.00 Beta y6 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary code by bypassing file extension checks. Attackers can upload a PHP file disguised as a PNG, rename it, and execute system commands through a crafted web shell parameter.

EPSS

Процентиль: 38%

0.0017

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434