CVE-2023-4480
MEDIUM EPSS 43.1%
Published Sep 5, 20232y ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Published Sep 5, 2023 2y ago
Last Modified Jun 17, 2026 2w ago
Description
Due to an out-of-date dependency in the “Fusion File Manager” component accessible through the admin panel, an attacker can send a crafted request that allows them to read the contents of files on the system accessible within the privileges of the running process. Additionally, they may write files to arbitrary locations, provided the files pass the application’s mime-type and file extension validation.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N Attack Vector Network
Attack Complexity Low
Privileges Required High
User Interaction None
Scope Unchanged
Confidentiality High
Integrity Low
Availability None
Threat Intelligence
EPSS Exploit Probability
43.1% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 2
CWE-22 Path Traversal Resource Mgmt
CWE-538
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| php-fusion | phpfusion | * | ≤9.10.30 |
References 1
- synopsys.com https://www.synopsys.com/blogs/software-security/cyrc-vulnerability-advisory-cve-2023-2453/
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.