PT-2020-15866 · Php Fusion · Php-Fusion

Published

2020-09-03

Updated

2021-07-21

CVE-2020-24949

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions PHP-Fusion version 9.03.50

Description The issue allows an authenticated user to send a crafted request to the server, enabling them to perform remote command execution. This is a result of a privilege escalation flaw in the downloads/downloads.php file.

Recommendations For PHP-Fusion version 9.03.50, as a temporary workaround, consider restricting access to the downloads/downloads.php file until a patch is available. Avoid using this file for downloads until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2020-24949

Affected Products

Php-Fusion

PT-2020-15866 · Php Fusion · Php-Fusion

CVE-2020-24949

Related Identifiers

Affected Products

References · 6