Description

Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE).

Remediation

References

CVE-2020-24949

Related Vulnerabilities

WordPress Plugin jQuery Reply to Comment Cross-Site Request Forgery (1.31)

WordPress Plugin Popup Builder-Create highly converting, mobile friendly marketing popups Cross-Site Scripting (3.69.6)

WordPress Plugin Subscribe Sidebar by Blubrry Cross-Site Scripting (1.3.1)

Apache Traffic Server CVE-2023-41752 Vulnerability (CVE-2023-41752)

WordPress Plugin MPL-Publisher-Create your Ebook & Audiobook Cross-Site Scripting (1.30.2)

Severity

High

Classification

CVE-2020-24949 CWE-269 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities