Due to an out-of-date dependency in the “Fusion File Manager” component accessible through the admin panel, an attacker can send a crafted request that allows them to read the contents of files on the system accessible within the privileges of the running process. Additionally, they may write files to arbitrary locations, provided the files pass the application’s mime-type and file extension validation.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: SNPS
Published: 2023-09-05T14:43:25.762Z
Updated: 2024-08-02T07:31:05.857Z
Reserved: 2023-08-22T14:47:58.456Z
Link: CVE-2023-4480
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-09-05T15:15:42.883
Modified: 2023-09-08T17:26:45.223
Link: CVE-2023-4480
Redhat
No data.