"Researchers Discover Critical Vulnerability in PHPFusion CMS"

Researchers have discovered what they describe as a critical vulnerability in the open-source Content Management System (CMS) PHPFusion, which is widely used. The vulnerability, tracked as CVE-2023-2453, is an authenticated local file inclusion flaw that enables Remote Code Execution (RCE) if an attacker can upload a maliciously crafted ".php" file to a known path on a target system. It is one of two vulnerabilities recently discovered in PHPFusion by Synopsys researchers. The other vulnerability, tracked as CVE-2023-4480, is a moderate-severity bug in the CMS that allows attackers to read the contents of files on an affected system and write files to arbitrary locations on it. This article continues to discuss the critical vulnerability found in the PHPFusion open-source CMS.

Dark Reading reports "Researchers Discover Critical Vulnerability in PHPFusion CMS"