CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
38.7%
PHPFusion is prone to multiple vulnerabilities.
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:php-fusion:php-fusion";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.126503");
script_version("2024-04-09T05:05:38+0000");
script_tag(name:"last_modification", value:"2024-04-09 05:05:38 +0000 (Tue, 09 Apr 2024)");
script_tag(name:"creation_date", value:"2023-10-05 10:22:35 +0000 (Thu, 05 Oct 2023)");
script_tag(name:"cvss_base", value:"9.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-09-08 17:27:00 +0000 (Fri, 08 Sep 2023)");
script_cve_id("CVE-2023-2453", "CVE-2023-4480");
script_tag(name:"qod_type", value:"remote_banner");
script_tag(name:"solution_type", value:"NoneAvailable");
script_name("PHPFusion <= 9.10.30 Multiple Vulnerabilities");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("Web application abuses");
script_dependencies("secpod_php_fusion_detect.nasl");
script_mandatory_keys("php-fusion/detected");
script_tag(name:"summary", value:"PHPFusion is prone to multiple vulnerabilities.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"The following vulnerabilities exist:
- CVE-2023-2453: Insufficient sanitization of tainted file names that are directly concatenated
with a path that is subsequently passed to a 'require_once' statement. This allows arbitrary
files with the '.php' extension for which the absolute path is known to be included and executed.
- CVE-2023-4480: Due to an out-of-date dependency in the 'Fusion File Manager' component
accessible through the admin panel, an attacker can send a crafted request that allows them to
read the contents of files on the system accessible within the privileges of the running process.
Additionally, they may write files to arbitrary locations, provided the files pass the
application's mime-type and file extension validation.");
script_tag(name:"affected", value:"PHPFusion version 9.10.30 and prior.");
script_tag(name:"solution", value:"No known solution is available as of 08th April, 2024.
Information regarding this issue will be updated once solution details are available.");
script_xref(name:"URL", value:"https://www.synopsys.com/blogs/software-security/cyrc-vulnerability-advisory-cve-2023-2453.html");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if (!port = get_app_port(cpe: CPE))
exit(0);
if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))
exit(0);
version = infos["version"];
location = infos["location"];
if (version_is_less_equal(version: version, test_version: "9.10.30")) {
report = report_fixed_ver(installed_version: version, fixed_version: "None", install_path: location);
security_message(port: port, data: report);
exit(0);
}
exit(99);
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
38.7%