PT-2023-4770 · Unknown · Php-Fusion

Matthew Hogg · Published 2023-09-05 · Updated 2023-09-11 · CVE-2023-2453

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

PHPFusion (affected versions not specified)

Description

The issue is caused by insufficient sanitization of tainted file names, which are concatenated directly with a path and then passed to a require_once statement. This allows arbitrary files with the .php extension, for which the absolute path is known, to be included and executed. There are no known means in PHPFusion through which an attacker can upload and target a .php file payload. The vulnerability may allow remote code execution if an attacker can upload a maliciously crafted ".php" file to a known path on a target system.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
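
A generic sketch of the pattern the description names, beside one hardened form, added here as an illustration. It is not PHPFusion code; the function names, the temporary directory and the module names are hypothetical.

```php
<?php
// Added illustration; not PHPFusion code. All names and paths are hypothetical.

// Pattern from the description: a request-supplied name is concatenated
// with a path and passed straight to require_once, with no filtering.
function load_module_unsafe(string $baseDir, string $name): void
{
    require_once $baseDir . '/' . $name . '.php';
}

// Hardened form: accept only plain identifiers, resolve the final path, and
// return it only if it is a regular file that still sits inside $baseDir.
function resolve_module(string $baseDir, string $name): ?string
{
    // No slashes, dots or NUL bytes can pass this pattern.
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name) !== 1) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $name . '.php'); // false if the file is missing
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // Containment check, done after symlinks and ".." have been resolved.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

function load_module(string $baseDir, string $name): bool
{
    $path = resolve_module($baseDir, $name);
    if ($path === null) {
        return false;
    }
    require_once $path;
    return true;
}

// Constructed sample input: a temporary module directory holding one module.
$dir = sys_get_temp_dir() . '/modules_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . '/news.php', "<?php // constructed sample module\n");
foreach (['news', '../news', 'news/../../other', "news\0", 'missing'] as $name) {
    $result = load_module($dir, $name) ? 'included' : 'rejected';
    printf("%-24s %s\n", json_encode($name), $result);
}
```

Only `news` is included; every other constructed name is rejected either by the identifier pattern or because no such file exists under the base directory.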

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2023-05217
BDU:2023-05425
CVE-2023-2453

Affected Products

Php-Fusion