Unrated severityNVD Advisory· Published Sep 5, 2023· Updated Sep 26, 2024

Arbitrary File Read in Fusion File Manager

CVE-2023-4480

Description

Due to an out-of-date dependency in the “Fusion File Manager” component accessible through the admin panel, an attacker can send a crafted request that allows them to read the contents of files on the system accessible within the privileges of the running process. Additionally, they may write files to arbitrary locations, provided the files pass the application’s mime-type and file extension validation.

Affected products

Phpfusion/Phpfusionv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.synopsys.com/blogs/software-security/cyrc-vulnerability-advisory-cve-2023-2453/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000