CVE-2021-47753

Name of the Vulnerable Software and Affected Versions phpKF CMS version 3.00 Beta y6

Description The software contains an unauthenticated file upload issue that enables remote attackers to execute arbitrary code. This is achieved by bypassing file extension checks, allowing attackers to upload a PHP file disguised as a PNG. After uploading, the file can be renamed and used to execute system commands through a crafted web shell parameter.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.