← volver
CVE-2021-47783

Phpwcms 1.9.30 - Arbitrary File Upload

CVSS 5.3 MEDIUMEPSS 0.3%CWE-434
Phpwcms 1.9.30 contains a file upload vulnerability that allows authenticated attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG payloads through the multiple file upload feature to potentially execute cross-site scripting attacks on the platform.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Productos afectados
Phpwcms · Phpwcms

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.exploit-db.com/exploits/50363https://www.vulncheck.com/advisories/phpwcms-arbitrary-file-uploadhttp://www.phpwcms.org/