CVE-2021-40188

HIGH

7.2

CVSS Severity Score

EPSS Score0.0520%

EPSS Percentile38.17th

Published2021年10月11日

Last Modified2024年11月21日

Vulnerability Description

PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not filter all PHP extensions such as ".php, .php7, .phtml, .php5, ...". An attacker can upload a malicious file and execute code on the server.

Affected Platforms (CPE)

📦

Php Fusion

Phpfusion

= 9.03.110

References & Advisories

🔗 https://github.com/PHPFusion/PHPFusion/issues/2372

関連する脆弱性情報

CVE-2021-401897.2

PHPFusion 9.03.110 is affected by a remote code execution vulnerability. The theme function will extract a file to "webroot/themes...

CVE-2020-359526.5

login.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x before 2020-12-30 generates error messages that distinguish between incorrec...

CVE-2020-369966.4

PHPFusion 9.03.50 contains a persistent cross-site scripting vulnerability in the print.php page that fails to properly sanitize u...

CVE-2021-282806.1

CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary we...