# Phpwcms 1.9.30 File Upload Vulnerability
N/A
Web-class vulnerability: Unknown
Reasoning:
| # | PoC description | Source link | Shenlong link |
|---|---|---|---|
Title: Phpwcms 1.9.30 - Arbitrary File Upload - PHP webapps Exploit -- 🔗 Source link
Tags: exploit
Shenlong quick read:
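### Key vulnerability information
#### Vulnerability overview
- **Name**: Phpwcms 1.9.30 - Arbitrary File Upload
#### Core information
- **EDB-ID**: 50363
- **CVE**: N/A
- **Verification status**: EDB Unverified
- **Author**: Okan Kurtulus
- **Type**: WEBAPPS
- **Platform**: PHP
- **Date**: 2021-10-01
- **Vulnerable application**: Phpwcms
#### Exploitation steps
1. Log in to the system.
2. Create a payload with the SVG extension.
3. Upload multiple files from the Files option in the menu.
4. After uploading the payload, call it from the following link: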
- `http://192.168.1.112/phpwcms/upload/`
#### Test environment
- **Tested version**: 1.9.30
- **Operating system**: Ubuntu 16.04
#### Links and resources
- **Advisory/Source**: Link
Title: phpwcms 1.11.0 – Open Source Content Management System [CMS] -- 🔗 Source link
Tags: product
Shenlong quick read:
- **Vulnerability in phpwcms Version 1.11.0**
- Released on: November 22, 2025
- Legacy version: v1.9.47, released on November 22, 2025
- Prior versions <=1.3.3 are available on SourceForge.net but downloads appear broken
- **Security Concerns and Reporting**
- Articles expired by: December 31, 2010
- All security-related concerns should be reported [here](#).
- Development issues and bug reports are accepted via [GitHub Issues](#).
- **Development Environment**
- Development releases are found on [GitHub](#)
- Development version: 1.10-dev, PHP 8.3+ compatible
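Notes:
The information above does not identify a specific vulnerability, but it provides the software versions, the expired-support notice, and the necessary security-reporting links and development information for further investigation.
Title: Phpwcms 1.9.30 - Arbitrary File Upload | Advisories | VulnCheck -- 🔗 Source link
Tags: third-party-advisory
Shenlong quick read: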
## Vulnerability Details: Phpwcms 1.9.30 - Arbitrary File Upload
### Severity
- **Medium**
### Date
- January 15, 2026
### Affected Version
- Phpwcms 1.9.30
### CVE ID
- CVE-2021-47783
### CWE ID
- CWE-434: Unrestricted Upload of File with Dangerous Type
### CVSS Score
- V2.0: N/A
- V3.0: N/A
- V3.1: 8.1
- Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
### Related Links
- [ExploitDB-50363](#)
- [Official Product Homepage](#)
### Credit
- Okan Kurtulus
### Description
- Phpwcms 1.9.30 contains a file upload vulnerability that allows authenticated attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG payloads through the multiple file upload feature to potentially execute cross-site scripting attacks on the platform.
### Vulnerability Type
- Arbitrary File Upload