Vulnerabilities (CVE)

Filtered by vendor Php-fusion Subscribe

Filtered by product Phpfusion

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2021-40189	1 Php-fusion	1 Phpfusion	2021-10-19	6.5 MEDIUM	7.2 HIGH
PHPFusion 9.03.110 is affected by a remote code execution vulnerability. The theme function will extract a file to "webroot/themes/{Theme Folder], where an attacker can access and execute arbitrary code.
CVE-2021-40188	1 Php-fusion	1 Phpfusion	2021-10-18	6.5 MEDIUM	7.2 HIGH
PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not filter all PHP extensions such as ".php, .php7, .phtml, .php5, ...". An attacker can upload a malicious file and execute code on the server.