What is the severity of CVE-2023-2453?

The severity of CVE-2023-2453 is high with a CVSS score of 8.8.

What is the impact of CVE-2023-2453?

The impact of CVE-2023-2453 is the inclusion and execution of arbitrary files with the '.php' extension whose absolute path is known.

Which version of Php-fusion is affected by CVE-2023-2453?

Php-fusion version up to and including 9.10.30 is affected by CVE-2023-2453.

How can I mitigate the vulnerability CVE-2023-2453?

To mitigate the vulnerability CVE-2023-2453, ensure proper sanitization of file names and avoid directly concatenating tainted file names with a path that is subsequently passed to a 'require_once' statement.

Vulnerability/
CVE-2023-2453

high

8.8

CWE

829

5/9/2023

27/9/2024

CVE-2023-2453: Local file Inclusion (LFI) in Forum Infusion via Directory Traversal

Q: How does the vulnerability CVE-2023-2453 occur?

The vulnerability CVE-2023-2453 occurs due to insufficient sanitization of tainted file names that are directly concatenated with a path.

First published: Tue Sep 05 2023(Updated: )

There is insufficient sanitization of tainted file names that are directly concatenated with a path that is subsequently passed to a ‘require_once’ statement. This allows arbitrary files with the ‘.php’ extension for which the absolute path is known to be included and executed. There are no known means in PHPFusion through which an attacker can upload and target a ‘.php’ file payload.

Credit: disclosure@synopsys.com disclosure@synopsys.com

Affected Software	Affected Version	How to fix
Php-fusion Phpfusion	<=9.10.30

Never miss a vulnerability like this again

Reference Links

https://www.synopsys.com/blogs/software-security/cyrc-vulnerability-advisory-cve-2023-2453/

Frequently Asked Questions

What is the severity of CVE-2023-2453?
The severity of CVE-2023-2453 is high with a CVSS score of 8.8.
How does the vulnerability CVE-2023-2453 occur?
The vulnerability CVE-2023-2453 occurs due to insufficient sanitization of tainted file names that are directly concatenated with a path.
What is the impact of CVE-2023-2453?
The impact of CVE-2023-2453 is the inclusion and execution of arbitrary files with the '.php' extension whose absolute path is known.
Which version of Php-fusion is affected by CVE-2023-2453?
Php-fusion version up to and including 9.10.30 is affected by CVE-2023-2453.
How can I mitigate the vulnerability CVE-2023-2453?
To mitigate the vulnerability CVE-2023-2453, ensure proper sanitization of file names and avoid directly concatenating tainted file names with a path that is subsequently passed to a 'require_once' statement.

collector/nvd-api
collector/nvd-index
agent/author
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/weakness
agent/title
agent/references
agent/tags
agent/description
agent/first-publish-date
agent/event
vendor/php-fusion
canonical/php-fusion phpfusion
version/php-fusion phpfusion/9.10.30

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.