High severityNVD Advisory· Published Jul 7, 2021· Updated Aug 3, 2024
CVE-2021-28931
CVE-2021-28931
Description
Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers to create or replace arbitrary files in the /themes directory via a crafted zip file uploaded to the Themes panel.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
forkcms/forkcmsPackagist | < 5.9.3 | 5.9.3 |
Affected products
2- Fork/CMSdescription
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-748f-wv76-x9hgghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-28931ghsaADVISORY
- github.com/bousalman/ForkCMS-arbitrary-upload/blob/main/README.mdghsax_refsource_MISCWEB
- github.com/forkcms/forkcms/pull/3351ghsaWEB
- github.com/forkcms/forkcms/releases/tag/5.9.2ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.