CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-24949

Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.889

EPSS Ranking 99.5%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 9.0

References

http://packetstormsecurity.com/files/162852/PHPFusion-9.03.50-Remote-Code-Execution.html
https://github.com/php-fusion/PHP-Fusion/issues/2312
http://packetstormsecurity.com/files/162852/PHPFusion-9.03.50-Remote-Code-Execution.html
https://github.com/php-fusion/PHP-Fusion/issues/2312

Products affected by CVE-2020-24949

Php-Fusion » Php-Fusion » Version: 9.03.50

cpe:2.3:a:php-fusion:php-fusion:9.03.50

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-24949

Products

Pricing

Contact Us