CVE-2023-4480

Name of the Vulnerable Software and Affected Versions PHP-Fusion versions (affected versions not specified)

Description The issue is related to an out-of-date dependency in the “Fusion File Manager” component, which can be accessed through the admin panel. An attacker can send a crafted request to read the contents of files on the system within the privileges of the running process. Additionally, they may write files to arbitrary locations if the files pass the application’s mime-type and file extension validation.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.