CVE-2023-4480

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-4480

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-4480.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-4480

Published

2023-09-05T15:15:42.883Z

Modified

2025-11-15T06:54:09.530990Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N CVSS Calculator

Summary

[none]

Details

Due to an out-of-date dependency in the “Fusion File Manager” component accessible through the admin panel, an attacker can send a crafted request that allows them to read the contents of files on the system accessible within the privileges of the running process. Additionally, they may write files to arbitrary locations, provided the files pass the application’s mime-type and file extension validation.

References

https://www.synopsys.com/blogs/software-security/cyrc-vulnerability-advisory-cve-2023-2453/

Affected packages

Git / github.com/phpfusion/phpfusion

Affected ranges

Type: GIT
Repo: https://github.com/phpfusion/phpfusion
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

8ec4e6c98780b615a340ebc6aa6db27500fc8605

Affected versions

v9.*

v9.10.03

v9.10.30

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-4480.json"