cvedb.io
CVE-2021-40188
HIGH · CVSS 7.2
EPSS exploitation probability: 0%
Published 2021-10-11T19:15:07.547 · Last modified 2026-06-17T04:06:39.133

Summary

PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not filter all PHP extensions such as ".php, .php7, .phtml, .php5, ...". An attacker can upload a malicious file and execute code on the server.

Affected products

php-fusion — phpfusion

Does this affect you?

Add your gear to cvedb and we'll alert you only when php-fusion ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.