← voltar
CVE-2021-47783

Phpwcms 1.9.30 - Arbitrary File Upload

CVSS 5.3 MEDIUMEPSS 0.3%CWE-434
Phpwcms 1.9.30 contains a file upload vulnerability that allows authenticated attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG payloads through the multiple file upload feature to potentially execute cross-site scripting attacks on the platform.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Produtos afetados
Phpwcms · Phpwcms

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.exploit-db.com/exploits/50363https://www.vulncheck.com/advisories/phpwcms-arbitrary-file-uploadhttp://www.phpwcms.org/