CVE-2023-4480
Published 2023-09-05
Priority: P3 (36), medium, 5.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
EPSS: 0.57% (43.1th percentile)
Due to an out-of-date dependency in the “Fusion File Manager” component accessible through the admin panel, an attacker can send a crafted request that allows them to read the contents of files on the system accessible within the privileges of the running process. Additionally, they may write files to arbitrary locations, provided the files pass the application’s mime-type and file extension validation.
Affected (2 ranges)

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php-fusion | phpfusion | <= 9.10.30 | — |
| phpfusion | phpfusion | <= 9.10.30 | — |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.