Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-2453
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Local file Inclusion (LFI) in Forum Infusion via Directory Traversal
Source: NVD (National Vulnerability Database)
Vulnerability Description
There is insufficient sanitization of tainted file names that are directly concatenated with a path that is subsequently passed to a ‘require_once’ statement. This allows arbitrary files with the ‘.php’ extension for which the absolute path is known to be included and executed. There are no known means in PHPFusion through which an attacker can upload and target a ‘.php’ file payload.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
从非可信控制范围包含功能例程
Source: NVD (National Vulnerability Database)
Vulnerability Title
PHPFusion 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
PHPFusion是马来西亚PHPFusion公司的一套基于MySql和PHP的开源轻量级内容管理系统。该系统包含新闻、文章和论坛等模块。 PHPFusion存在安全漏洞,该漏洞源于对受污染文件名的清理不充分,允许执行具有.php扩展名的任意文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
PHPFusionPHPFusion 0 ~ 9.10.30 -
II. Public POCs for CVE-2023-2453
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2023-2453
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: PHPFusion
Same vendor: PHPFusion
Same weakness: CWE-829
V. Comments for CVE-2023-2453

No comments yet

Leave a comment