PHPFusion 9.03.110 is affected by a remote code execution vulnerability. The theme function will extract a file to "webroot/themes/{Theme Folder], where an attacker can access and execute arbitrary code.
References
Link | Resource |
---|---|
https://github.com/PHPFusion/PHPFusion/issues/2374 | Exploit Issue Tracking Third Party Advisory |
Configurations
Information
Published : 2021-10-11 12:15
Updated : 2021-10-18 18:09
NVD link : CVE-2021-40189
Mitre link : CVE-2021-40189
JSON object : View
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type
Products Affected
php-fusion
- phpfusion