Unknown · Php-Fusion · CVE-2023-4480
**Name of the Vulnerable Software and Affected Versions**
PHP-Fusion versions (affected versions not specified)
**Description**
The issue is related to an out-of-date dependency in the “Fusion File Manager” component, which can be accessed through the admin panel. An attacker can send a crafted request to read the contents of files on the system within the privileges of the running process. Additionally, they may write files to arbitrary locations if the files pass the application’s mime-type and file extension validation.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.