CVE-2021-40188: Malicious File Upload
First published: Mon Oct 11 2021(Updated: )
PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not filter all PHP extensions such as ".php, .php7, .phtml, .php5, ...". An attacker can upload a malicious file and execute code on the server.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Php-fusion Phpfusion | =9.03.110 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-40188?
CVE-2021-40188 is an arbitrary file upload vulnerability affecting PHPFusion 9.03.110.
How does the arbitrary file upload vulnerability in PHPFusion 9.03.110 work?
The File Manager function in the admin panel of PHPFusion 9.03.110 does not filter certain PHP extensions, allowing an attacker to upload a malicious file and execute code on the server.
What is the severity of CVE-2021-40188?
CVE-2021-40188 has a severity rating of 7.2 (high).
How can I fix the arbitrary file upload vulnerability in PHPFusion 9.03.110?
To fix the vulnerability, you should update PHPFusion to a version that includes the necessary security patches.
Where can I find more information about CVE-2021-40188?
You can find more information about CVE-2021-40188 at the following reference link: [GitHub Issue #2372](https://github.com/PHPFusion/PHPFusion/issues/2372).
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/author
- agent/event
- agent/references
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/php-fusion
- canonical/php-fusion phpfusion
- version/php-fusion phpfusion/9.03.110