Vulnerabilities > CVE-2020-24949 - Unspecified vulnerability in PHP-Fusion 9.03.50

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

php-fusion

NVD

Published: 2020-09-03

Updated: 2021-07-21

Summary

Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE).

Vulnerable Configurations

Part	Description	Count
Application	Php-Fusion PHP Fusion PHP Fusion 9.03.50	1

References

https://github.com/php-fusion/PHP-Fusion/issues/2312
http://packetstormsecurity.com/files/162852/PHPFusion-9.03.50-Remote-Code-Execution.html