{"id":16844,"date":"2023-09-06T13:29:06","date_gmt":"2023-09-06T13:29:06","guid":{"rendered":"http:\/\/www.namorgy.com\/blog\/?p=16844"},"modified":"2023-09-06T13:34:01","modified_gmt":"2023-09-06T13:34:01","slug":"critical-vulnerability-in-phpfusion-cms","status":"publish","type":"post","link":"http:\/\/www.namorgy.com\/blog\/2023\/09\/06\/critical-vulnerability-in-phpfusion-cms\/","title":{"rendered":"Critical Vulnerability in PHPFusion CMS Discovered"},"content":{"rendered":"\n

By Jai Vijayan<\/a><\/p>\n\n\n\n

No patch is available yet for the bug, which can enable remote code execution<\/p>\n\n\n\n

\"\"\/<\/figure>\n\n\n\n

Security researchers have discovered what they described as a critical vulnerability in the relatively widely used PHPFusion open source content management system (CMS).<\/p>\n\n\n\n

The authenticated local file inclusion flaw, identified as CVE-2023-2453<\/a>, allows for remote code execution if an attacker can upload a maliciously crafted “.php” file to a known path on a target system.<\/p>\n\n\n\n

It is one of two vulnerabilities that researchers at Synopsys discovered recently<\/a> in PHPFusion. The other flaw, tracked as CVE-2023-4480, is a moderate-severity bug in the CMS that gives attackers a way to read the contents of files on an affected system and also to write files to arbitrary locations on it.<\/p>\n\n\n\n

The vulnerabilities exist in versions 9.10.30 of PHPFusion and earlier. No patch is currently available for either flaw.<\/p>\n\n\n\n

Read more at: https:\/\/www.darkreading.com\/application-security\/researchers-discover-critical-vulnerability-in-phpfusion-cms<\/a><\/p>\n\n\n\n

\nhttps:\/\/www.darkreading.com\/application-security\/researchers-discover-critical-vulnerability-in-phpfusion-cms\n<\/div><\/figure>\n","protected":false},"excerpt":{"rendered":"

By Jai Vijayan No patch is available yet for the bug, which can enable remote code execution Security researchers have discovered what they described as a critical vulnerability in the …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"sfsi_plus_gutenberg_text_before_share":"","sfsi_plus_gutenberg_show_text_before_share":"","sfsi_plus_gutenberg_icon_type":"","sfsi_plus_gutenberg_icon_alignemt":"","sfsi_plus_gutenburg_max_per_row":"","footnotes":""},"categories":[1],"tags":[],"class_list":["post-16844","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"\nCritical Vulnerability in PHPFusion CMS Discovered -<\/title>\n<meta name=\"description\" content=\"Critical Vulnerability in PHPFusion CMS\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/www.namorgy.com\/blog\/2023\/09\/06\/critical-vulnerability-in-phpfusion-cms\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Critical Vulnerability in PHPFusion CMS Discovered -\" \/>\n<meta property=\"og:description\" content=\"Critical Vulnerability in PHPFusion CMS\" \/>\n<meta property=\"og:url\" content=\"http:\/\/www.namorgy.com\/blog\/2023\/09\/06\/critical-vulnerability-in-phpfusion-cms\/\" \/>\n<meta property=\"article:published_time\" content=\"2023-09-06T13:29:06+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-09-06T13:34:01+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blteb243765377478db\/64f797adf7b4012e6ba3cc04\/php_BEST-BACKGROUNDS_shutterstock.jpg?quality=80&format=webply&width=690\" \/>\n<meta name=\"author\" content=\"Namorgy\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Namorgy\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"http:\\\/\\\/www.namorgy.com\\\/blog\\\/2023\\\/09\\\/06\\\/critical-vulnerability-in-phpfusion-cms\\\/#article\",\"isPartOf\":{\"@id\":\"http:\\\/\\\/www.namorgy.com\\\/blog\\\/2023\\\/09\\\/06\\\/critical-vulnerability-in-phpfusion-cms\\\/\"},\"author\":{\"name\":\"Namorgy\",\"@id\":\"http:\\\/\\\/www.namorgy.com\\\/blog\\\/#\\\/schema\\\/person\\\/7037cc04551c43ba5e74edd08fda91c2\"},\"headline\":\"Critical Vulnerability in PHPFusion CMS Discovered\",\"datePublished\":\"2023-09-06T13:29:06+00:00\",\"dateModified\":\"2023-09-06T13:34:01+00:00\",\"mainEntityOfPage\":{\"@id\":\"http:\\\/\\\/www.namorgy.com\\\/blog\\\/2023\\\/09\\\/06\\\/critical-vulnerability-in-phpfusion-cms\\\/\"},\"wordCount\":167,\"image\":{\"@id\":\"http:\\\/\\\/www.namorgy.com\\\/blog\\\/2023\\\/09\\\/06\\\/critical-vulnerability-in-phpfusion-cms\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blteb243765377478db\\\/64f797adf7b4012e6ba3cc04\\\/php_BEST-BACKGROUNDS_shutterstock.jpg?quality=80&format=webply&width=690\",\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"http:\\\/\\\/www.namorgy.com\\\/blog\\\/2023\\\/09\\\/06\\\/critical-vulnerability-in-phpfusion-cms\\\/\",\"url\":\"http:\\\/\\\/www.namorgy.com\\\/blog\\\/2023\\\/09\\\/06\\\/critical-vulnerability-in-phpfusion-cms\\\/\",\"name\":\"Critical Vulnerability in PHPFusion CMS Discovered -\",\"isPartOf\":{\"@id\":\"http:\\\/\\\/www.namorgy.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"http:\\\/\\\/www.namorgy.com\\\/blog\\\/2023\\\/09\\\/06\\\/critical-vulnerability-in-phpfusion-cms\\\/#primaryimage\"},\"image\":{\"@id\":\"http:\\\/\\\/www.namorgy.com\\\/blog\\\/2023\\\/09\\\/06\\\/critical-vulnerability-in-phpfusion-cms\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blteb243765377478db\\\/64f797adf7b4012e6ba3cc04\\\/php_BEST-BACKGROUNDS_shutterstock.jpg?quality=80&format=webply&width=690\",\"datePublished\":\"2023-09-06T13:29:06+00:00\",\"dateModified\":\"2023-09-06T13:34:01+00:00\",\"author\":{\"@id\":\"http:\\\/\\\/www.namorgy.com\\\/blog\\\/#\\\/schema\\\/person\\\/7037cc04551c43ba5e74edd08fda91c2\"},\"description\":\"Critical Vulnerability in PHPFusion CMS\",\"breadcrumb\":{\"@id\":\"http:\\\/\\\/www.namorgy.com\\\/blog\\\/2023\\\/09\\\/06\\\/critical-vulnerability-in-phpfusion-cms\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\\\/\\\/www.namorgy.com\\\/blog\\\/2023\\\/09\\\/06\\\/critical-vulnerability-in-phpfusion-cms\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"http:\\\/\\\/www.namorgy.com\\\/blog\\\/2023\\\/09\\\/06\\\/critical-vulnerability-in-phpfusion-cms\\\/#primaryimage\",\"url\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blteb243765377478db\\\/64f797adf7b4012e6ba3cc04\\\/php_BEST-BACKGROUNDS_shutterstock.jpg?quality=80&format=webply&width=690\",\"contentUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blteb243765377478db\\\/64f797adf7b4012e6ba3cc04\\\/php_BEST-BACKGROUNDS_shutterstock.jpg?quality=80&format=webply&width=690\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\\\/\\\/www.namorgy.com\\\/blog\\\/2023\\\/09\\\/06\\\/critical-vulnerability-in-phpfusion-cms\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"http:\\\/\\\/www.namorgy.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Critical Vulnerability in PHPFusion CMS Discovered\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\\\/\\\/www.namorgy.com\\\/blog\\\/#website\",\"url\":\"http:\\\/\\\/www.namorgy.com\\\/blog\\\/\",\"name\":\"Namorgy.com\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\\\/\\\/www.namorgy.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"http:\\\/\\\/www.namorgy.com\\\/blog\\\/#\\\/schema\\\/person\\\/7037cc04551c43ba5e74edd08fda91c2\",\"name\":\"Namorgy\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/e20986966f4472043ecdaf2cf41caaa3d2477283bd208dfc1d663755a5100b2c?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/e20986966f4472043ecdaf2cf41caaa3d2477283bd208dfc1d663755a5100b2c?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/e20986966f4472043ecdaf2cf41caaa3d2477283bd208dfc1d663755a5100b2c?s=96&d=mm&r=g\",\"caption\":\"Namorgy\"},\"sameAs\":[\"http:\\\/\\\/www.namorgy.com\"],\"url\":\"http:\\\/\\\/www.namorgy.com\\\/blog\\\/author\\\/namorgy_12uffn\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Critical Vulnerability in PHPFusion CMS Discovered -","description":"Critical Vulnerability in PHPFusion CMS","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/www.namorgy.com\/blog\/2023\/09\/06\/critical-vulnerability-in-phpfusion-cms\/","og_locale":"en_US","og_type":"article","og_title":"Critical Vulnerability in PHPFusion CMS Discovered -","og_description":"Critical Vulnerability in PHPFusion CMS","og_url":"http:\/\/www.namorgy.com\/blog\/2023\/09\/06\/critical-vulnerability-in-phpfusion-cms\/","article_published_time":"2023-09-06T13:29:06+00:00","article_modified_time":"2023-09-06T13:34:01+00:00","og_image":[{"url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blteb243765377478db\/64f797adf7b4012e6ba3cc04\/php_BEST-BACKGROUNDS_shutterstock.jpg?quality=80&format=webply&width=690","type":"","width":"","height":""}],"author":"Namorgy","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Namorgy","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"http:\/\/www.namorgy.com\/blog\/2023\/09\/06\/critical-vulnerability-in-phpfusion-cms\/#article","isPartOf":{"@id":"http:\/\/www.namorgy.com\/blog\/2023\/09\/06\/critical-vulnerability-in-phpfusion-cms\/"},"author":{"name":"Namorgy","@id":"http:\/\/www.namorgy.com\/blog\/#\/schema\/person\/7037cc04551c43ba5e74edd08fda91c2"},"headline":"Critical Vulnerability in PHPFusion CMS Discovered","datePublished":"2023-09-06T13:29:06+00:00","dateModified":"2023-09-06T13:34:01+00:00","mainEntityOfPage":{"@id":"http:\/\/www.namorgy.com\/blog\/2023\/09\/06\/critical-vulnerability-in-phpfusion-cms\/"},"wordCount":167,"image":{"@id":"http:\/\/www.namorgy.com\/blog\/2023\/09\/06\/critical-vulnerability-in-phpfusion-cms\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blteb243765377478db\/64f797adf7b4012e6ba3cc04\/php_BEST-BACKGROUNDS_shutterstock.jpg?quality=80&format=webply&width=690","inLanguage":"en-US"},{"@type":"WebPage","@id":"http:\/\/www.namorgy.com\/blog\/2023\/09\/06\/critical-vulnerability-in-phpfusion-cms\/","url":"http:\/\/www.namorgy.com\/blog\/2023\/09\/06\/critical-vulnerability-in-phpfusion-cms\/","name":"Critical Vulnerability in PHPFusion CMS Discovered -","isPartOf":{"@id":"http:\/\/www.namorgy.com\/blog\/#website"},"primaryImageOfPage":{"@id":"http:\/\/www.namorgy.com\/blog\/2023\/09\/06\/critical-vulnerability-in-phpfusion-cms\/#primaryimage"},"image":{"@id":"http:\/\/www.namorgy.com\/blog\/2023\/09\/06\/critical-vulnerability-in-phpfusion-cms\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blteb243765377478db\/64f797adf7b4012e6ba3cc04\/php_BEST-BACKGROUNDS_shutterstock.jpg?quality=80&format=webply&width=690","datePublished":"2023-09-06T13:29:06+00:00","dateModified":"2023-09-06T13:34:01+00:00","author":{"@id":"http:\/\/www.namorgy.com\/blog\/#\/schema\/person\/7037cc04551c43ba5e74edd08fda91c2"},"description":"Critical Vulnerability in PHPFusion CMS","breadcrumb":{"@id":"http:\/\/www.namorgy.com\/blog\/2023\/09\/06\/critical-vulnerability-in-phpfusion-cms\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["http:\/\/www.namorgy.com\/blog\/2023\/09\/06\/critical-vulnerability-in-phpfusion-cms\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"http:\/\/www.namorgy.com\/blog\/2023\/09\/06\/critical-vulnerability-in-phpfusion-cms\/#primaryimage","url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blteb243765377478db\/64f797adf7b4012e6ba3cc04\/php_BEST-BACKGROUNDS_shutterstock.jpg?quality=80&format=webply&width=690","contentUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blteb243765377478db\/64f797adf7b4012e6ba3cc04\/php_BEST-BACKGROUNDS_shutterstock.jpg?quality=80&format=webply&width=690"},{"@type":"BreadcrumbList","@id":"http:\/\/www.namorgy.com\/blog\/2023\/09\/06\/critical-vulnerability-in-phpfusion-cms\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"http:\/\/www.namorgy.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Critical Vulnerability in PHPFusion CMS Discovered"}]},{"@type":"WebSite","@id":"http:\/\/www.namorgy.com\/blog\/#website","url":"http:\/\/www.namorgy.com\/blog\/","name":"Namorgy.com","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/www.namorgy.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"http:\/\/www.namorgy.com\/blog\/#\/schema\/person\/7037cc04551c43ba5e74edd08fda91c2","name":"Namorgy","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/e20986966f4472043ecdaf2cf41caaa3d2477283bd208dfc1d663755a5100b2c?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/e20986966f4472043ecdaf2cf41caaa3d2477283bd208dfc1d663755a5100b2c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e20986966f4472043ecdaf2cf41caaa3d2477283bd208dfc1d663755a5100b2c?s=96&d=mm&r=g","caption":"Namorgy"},"sameAs":["http:\/\/www.namorgy.com"],"url":"http:\/\/www.namorgy.com\/blog\/author\/namorgy_12uffn\/"}]}},"_links":{"self":[{"href":"http:\/\/www.namorgy.com\/blog\/wp-json\/wp\/v2\/posts\/16844","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.namorgy.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.namorgy.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.namorgy.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.namorgy.com\/blog\/wp-json\/wp\/v2\/comments?post=16844"}],"version-history":[{"count":2,"href":"http:\/\/www.namorgy.com\/blog\/wp-json\/wp\/v2\/posts\/16844\/revisions"}],"predecessor-version":[{"id":16848,"href":"http:\/\/www.namorgy.com\/blog\/wp-json\/wp\/v2\/posts\/16844\/revisions\/16848"}],"wp:attachment":[{"href":"http:\/\/www.namorgy.com\/blog\/wp-json\/wp\/v2\/media?parent=16844"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.namorgy.com\/blog\/wp-json\/wp\/v2\/categories?post=16844"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.namorgy.com\/blog\/wp-json\/wp\/v2\/tags?post=16844"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}