CVE-2023-4480

Due to an out-of-date dependency in the “Fusion File Manager” component accessible through the admin panel, an attacker can send a crafted request that allows them to read the contents of files on the system accessible within the privileges of the running process. Additionally, they may write files to arbitrary locations, provided the files pass the application’s mime-type and file extension validation.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.synopsys.com/blogs/software-security/cyrc-vulnerability-advisory-cve-2023-2453/	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:php-fusion:phpfusion:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-09-05 15:15

Updated : 2023-09-08 17:26

NVD link : CVE-2023-4480

Mitre link : CVE-2023-4480

CVE.ORG link : CVE-2023-4480

JSON object : View

Products Affected

php-fusion

phpfusion

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-538

Insertion of Sensitive Information into Externally-Accessible File or Directory

{"id": "CVE-2023-4480", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "disclosure@synopsys.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 1.2}]}, "published": "2023-09-05T15:15:42.883", "references": [{"url": "https://www.synopsys.com/blogs/software-security/cyrc-vulnerability-advisory-cve-2023-2453/", "tags": ["Third Party Advisory"], "source": "disclosure@synopsys.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Secondary", "source": "disclosure@synopsys.com", "description": [{"lang": "en", "value": "CWE-538"}]}], "descriptions": [{"lang": "en", "value": "\nDue to an out-of-date dependency in the \u201cFusion File Manager\u201d component accessible through the admin panel, an attacker can send a crafted request that allows them to read the contents of files on the system accessible within the privileges of the running process. Additionally, they may write files to arbitrary locations, provided the files pass the application\u2019s mime-type and file extension validation.\u00a0\n\n"}, {"lang": "es", "value": "Debido a una dependencia desactualizada en el componente \"Fusion File Manager\" accesible a trav\u00e9s del panel de administraci\u00f3n, un atacante puede enviar una petici\u00f3n crafteada que le permita leer el contenido de archivos del sistema accesibles dentro de los privilegios del proceso en ejecuci\u00f3n. Adem\u00e1s, pueden escribir archivos en ubicaciones arbitrarias, siempre que los archivos pasen la validaci\u00f3n de extensi\u00f3n de archivo y el mime-type de la aplicaci\u00f3n."}], "lastModified": "2023-09-08T17:26:45.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:php-fusion:phpfusion:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "593D7CFA-FF94-4476-98CF-C83A17292E94", "versionEndIncluding": "9.10.30"}], "operator": "OR"}]}], "sourceIdentifier": "disclosure@synopsys.com"}