PHPFusion 9.03.110 Theme {Theme Folder} Privilege Escalation
CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
5.0 | $0-$5k | 0.00 |
A vulnerability was found in PHPFusion 9.03.110 and classified as problematic. This issue affects an unknown code of the file webroot/themes/{Theme Folder} of the component Theme Handler. Impacted is confidentiality, integrity, and availability.
The weakness was released 10/12/2021 as 2374. The advisory is shared at github.com. The identification of this vulnerability is CVE-2021-40189 since 08/30/2021. It demands that the victim is doing some kind of user interaction. Technical details as well as a exploit are known.
It is declared as proof-of-concept.
Applying the patch Fix #2374 is able to eliminate this problem. The bugfix is ready for download at github.com.
Entries connected to this vulnerability are available at VDB-165028, VDB-166718, VDB-180068 and VDB-196518.
Product
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.5VulDB Meta Temp Score: 5.0
VulDB Base Score: 5.5
VulDB Temp Score: 5.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Privilege EscalationCWE: Unknown
CAPEC: 🔍
ATT&CK: 🔍
Local: No
Remote: Yes
Availability: 🔍
Status: Proof-of-Concept
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
0-Day Time: 🔍
Patch: Fix #2374
Timeline
08/30/2021 🔍10/12/2021 🔍
10/12/2021 🔍
10/14/2021 🔍
Sources
Advisory: 2374Status: Confirmed
CVE: CVE-2021-40189 (🔍)
scip Labs: https://www.scip.ch/en/?labs.20161013
See also: 🔍
Entry
Created: 10/12/2021 09:53Updated: 10/14/2021 15:49
Changes: 10/12/2021 09:53 (18), 10/12/2021 09:54 (5), 10/12/2021 09:56 (17), 10/14/2021 15:49 (1)
Complete: 🔍
Committer: roga
Cache ID: 3:D4D:103
No comments yet. Languages: en.
Please log in to comment.