What is CVE-2023-4480?

CVE-2023-4480 is a vulnerability in the "Fusion File Manager" component of Php-fusion that allows an attacker to read and write files on the system.

How can an attacker exploit CVE-2023-4480?

An attacker can exploit CVE-2023-4480 by sending a crafted request to the "Fusion File Manager" component accessible through the admin panel.

What is the severity of CVE-2023-4480?

CVE-2023-4480 has a severity level of medium with a CVSS score of 5.5.

Which software versions are affected by CVE-2023-4480?

Php-fusion versions up to and including 9.10.30 are affected by CVE-2023-4480.

Are there any references for CVE-2023-4480?

Yes, you can find more information about CVE-2023-4480 at the following link: [CVE-2023-4480 Reference](https://www.synopsys.com/blogs/software-security/cyrc-vulnerability-advisory-cve-2023-2453/).

Vulnerability/
CVE-2023-4480

medium

5.5

CWE

22 538

5/9/2023

21/11/2024

CVE-2023-4480: Arbitrary File Read in Fusion File Manager

First published: Tue Sep 05 2023(Updated: )

Due to an out-of-date dependency in the “Fusion File Manager” component accessible through the admin panel, an attacker can send a crafted request that allows them to read the contents of files on the system accessible within the privileges of the running process. Additionally, they may write files to arbitrary locations, provided the files pass the application’s mime-type and file extension validation.

Credit: disclosure@synopsys.com disclosure@synopsys.com

Affected Software	Affected Version	How to fix
Php-fusion Phpfusion	<=9.10.30
	<=9.10.30

Never miss a vulnerability like this again

Reference Links

https://www.synopsys.com/blogs/software-security/cyrc-vulnerability-advisory-cve-2023-2453/

Frequently Asked Questions

What is CVE-2023-4480?
CVE-2023-4480 is a vulnerability in the "Fusion File Manager" component of Php-fusion that allows an attacker to read and write files on the system.
How can an attacker exploit CVE-2023-4480?
An attacker can exploit CVE-2023-4480 by sending a crafted request to the "Fusion File Manager" component accessible through the admin panel.
What is the severity of CVE-2023-4480?
CVE-2023-4480 has a severity level of medium with a CVSS score of 5.5.
Which software versions are affected by CVE-2023-4480?
Php-fusion versions up to and including 9.10.30 are affected by CVE-2023-4480.
Are there any references for CVE-2023-4480?
Yes, you can find more information about CVE-2023-4480 at the following link: [CVE-2023-4480 Reference](https://www.synopsys.com/blogs/software-security/cyrc-vulnerability-advisory-cve-2023-2453/).

collector/nvd-index
agent/author
agent/type
agent/references
agent/title
agent/severity
agent/weakness
agent/description
agent/first-publish-date
collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/last-modified-date
agent/softwarecombine
agent/tags
agent/event
vendor/php-fusion
canonical/php-fusion phpfusion
version/php-fusion phpfusion/9.10.30

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.