CVE-2020-24949
Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE).
We have discovered 79 live websites that are affected by CVE-2020-24949.
Affected Software
| Product |  PHPFusion |
| Category | Content Management System |
| Vulnerable Domains | 79 live websites (44% of PHPFusion install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 11 versions ( 55% of all versions) |
Details
- Published - Sep 3, 2020
- Updated - Aug 4, 2024
CVE References
Website Distribution by Country
Number of websites using CVE-2020-24949 United States | 11 websites |
 Netherlands | 16 websites |
 Germany | 13 websites |
 GB | 12 websites |
 Poland | 11 websites |
 Denmark | 3 websites |
 Czech Republic | 2 websites |
 Slovakia | 2 websites |
 Belgium | 1 websites |
 China | 1 websites |
Website Distribution by TLD
Number of websites using CVE-2020-24949| .eu | 13 websites |
| .com | 11 websites |
| .de | 10 websites |
| .nl | 8 websites |
| .pl | 7 websites |
| .co.uk | 5 websites |
| .dk | 4 websites |
| .org | 3 websites |
| .info | 2 websites |
| .net | 2 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2020-24949
Top websites that are affected by CVE-2020-24949. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *******.****.org | Netherlands | *,***,*** | |
| *******.***.la |  Laos | *,***,*** | |
| **********.**.uk | GB | *,***,*** | |
| *********.com |  France | *,***,*** | |
| ******.ro |  Romania | *,***,*** | |
| *********.pl | Poland | *,***,*** | |
| **********.eu | Czech Republic | *,***,*** | |
| ********.*******.eu | Poland | *,***,*** | |
| ***.************.nl | Netherlands | *,***,*** | |
| **************.nl | Netherlands | **,***,*** |