CyberSec.Space Logo
CVEブラウザに戻る

CVE-2020-24949

HIGH
8.8
CVSS Severity Score
EPSS Score0.0720%
EPSS Percentile21.78th
Published2020年9月3日
Last Modified2024年11月21日

Vulnerability Description

Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE).

Affected Platforms (CPE)

📦
Php Fusion

Php Fusion

= 9.03.50

References & Advisories

🔗 http://packetstormsecurity.com/files/162852/PHPFusion-9.03.50-Remote-Code-Execution.html
🔗 https://github.com/php-fusion/PHP-Fusion/issues/2312
🔗 http://packetstormsecurity.com/files/162852/PHPFusion-9.03.50-Remote-Code-Execution.html
🔗 https://github.com/php-fusion/PHP-Fusion/issues/2312

関連する脆弱性情報

CVE-2010-493110.0

Directory traversal vulnerability in maincore.php in PHP-Fusion allows remote attackers to include and execute arbitrary local fil...

CVE-2020-289049.8

Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation as nagios via installatio...

CVE-2020-237549.6

Cross Site Scripting (XSS) vulnerability in infusions/member_poll_panel/poll_admin.php in PHP-Fusion 9.03.50, allows attackers to ...

CVE-2020-124618.8

PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanism. An attacker can develop a c...