Researchers Discover Critical Vulnerability in PHPFusion CMS
06-Sep-23
The reasonably popular PHPFusion open source content management system (CMS) has a significant vulnerability that security researchers have identified. The CVE-2023-2453 authenticated local file inclusion bug enables remote code execution if an attacker can upload a specially crafted “.php” file to a recognized path on a victim system.
It is one of two vulnerabilities in PHPFusion that Synopsys researchers recently found. The other vulnerability affects the CMS and is moderate in severity. It allows attackers to read the contents of files on a vulnerable machine and even write files to arbitrary locations on it.
