# By KietNA From Inv1cta team, HPT Cyber Security Center
Describe the bug
The File Manager function in the admin panel does not filter all PHP extensions (".php", ".php7", ".phtml", ".php5", ...). An attacker can upload a malicious file and execute code on the server.
Version
PHPFusion version: PHPFusion 9.03.110
To Reproduce
Steps to reproduce the behavior:
Go to the administrator panel and click the FileManager function
Click the Upload file button, then choose a .php file
The path of the uploaded file is returned in the response
Finally, request that path to execute the code on the server
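The following is an added example and not PHPFusion code: it contrasts an extension blocklist of the kind the report describes with an allowlist check. The weak_is_allowed function and its blocked list are hypothetical stand-ins for the vulnerable filter, and the sample filenames are constructed for illustration.

```php
<?php
// Added example, not PHPFusion code. Shows why a blocklist of PHP extension
// spellings is bypassable and what an allowlist check looks like instead.

// Weak check (hypothetical, not the actual PHPFusion filter): only a few
// spellings of "php" are rejected, so ".phtml", ".php5", ".php7" pass.
function weak_is_allowed(string $filename): bool {
    $blocked = ['php', 'php3', 'php4'];
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return !in_array($ext, $blocked, true);
}

// Hardened check: allowlist of extensions the file manager actually needs,
// applied to every dot-separated segment so "shell.php.jpg" is rejected too
// (some Apache AddHandler configurations execute such names as PHP).
function strict_is_allowed(string $filename): bool {
    $allowed = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt'];
    $base = basename($filename);            // drop any directory component
    $parts = explode('.', strtolower($base));
    if (count($parts) < 2 || $parts[0] === '') {
        return false;                       // no extension, or a dotfile like ".htaccess"
    }
    foreach (array_slice($parts, 1) as $segment) {
        if (!in_array($segment, $allowed, true)) {
            return false;
        }
    }
    return true;
}

// Constructed sample filenames covering the bypasses named in the report.
$samples = ['photo.jpg', 'shell.php', 'shell.phtml', 'shell.php7',
            'shell.php5', 'shell.php.jpg', '.htaccess'];

printf("%-15s %-6s %-6s\n", 'filename', 'weak', 'strict');
foreach ($samples as $name) {
    printf("%-15s %-6s %-6s\n", $name,
        weak_is_allowed($name) ? 'allow' : 'deny',
        strict_is_allowed($name) ? 'allow' : 'deny');
}
```

Run with `php example.php`: the weak check allows every name except `shell.php`, while the strict check allows only `photo.jpg`. An extension allowlist is necessary but not sufficient on its own; a file manager should also store uploads under a server-generated name in a directory where script execution is disabled, so a name that slips through still cannot run.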
Screenshots
Request and response of function
Execute code on server:
Additional context
Although PHPFusion has 2-step verification for the administrator panel, if an admin user's cookie is stolen, the attacker can send the file upload POST request with that cookie and execute code on the server. The 2-step verification only gates the login; a valid post-login session cookie is enough to reach the upload function, so the missing extension check is the root cause.