CVE-2021-40189

HIGH

7.2

CVSS Severity Score

EPSS Score0.1090%

EPSS Percentile24.22th

PublishedOct 11, 2021

Last ModifiedNov 21, 2024

Vulnerability Description

PHPFusion 9.03.110 is affected by a remote code execution vulnerability. The theme function will extract a file to "webroot/themes/{Theme Folder], where an attacker can access and execute arbitrary code.

Affected Platforms (CPE)

📦

Php Fusion

Phpfusion

= 9.03.110

References & Advisories

🔗 https://github.com/PHPFusion/PHPFusion/issues/2374

Related Vulnerabilities

CVE-2021-401887.2

PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not filter...

CVE-2020-359526.5

login.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x before 2020-12-30 generates error messages that distinguish between incorrec...

CVE-2020-369966.4

PHPFusion 9.03.50 contains a persistent cross-site scripting vulnerability in the print.php page that fails to properly sanitize u...

CVE-2021-282806.1

CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary we...