CVE-2021-40188
PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not filter all PHP extensions such as ".php, .php7, .phtml, .php5, ...". An attacker can upload a malicious file and execute code on the server.
We have discovered 90 live websites that are affected by CVE-2021-40188.
Affected Software
| Product |  PHPFusion |
| Category | Content Management System |
| Vulnerable Domains | 90 live websites (51% of PHPFusion install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 15 versions ( 75% of all versions) |
Details
- Published - Oct 11, 2021
- Updated - Aug 4, 2024
CVE References
Website Distribution by Country
Number of websites using CVE-2021-40188 United States | 16 websites |
 Netherlands | 16 websites |
 Germany | 15 websites |
 GB | 12 websites |
 Poland | 12 websites |
 Czech Republic | 3 websites |
 Denmark | 3 websites |
 Hungary | 2 websites |
 Slovakia | 2 websites |
 Belgium | 1 websites |
Website Distribution by TLD
Number of websites using CVE-2021-40188| .com | 13 websites |
| .eu | 13 websites |
| .de | 10 websites |
| .org | 8 websites |
| .pl | 8 websites |
| .nl | 8 websites |
| .co.uk | 5 websites |
| .dk | 4 websites |
| .net | 3 websites |
| .cz | 2 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2021-40188
Top websites that are affected by CVE-2021-40188. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *******.****.org | Netherlands | *,***,*** | |
| *********.org | United States | *,***,*** | |
| *******.***.la |  Laos | *,***,*** | |
| **********.**.uk | GB | *,***,*** | |
| *********.com |  France | *,***,*** | |
| ******.ro |  Romania | *,***,*** | |
| *********.pl | Poland | *,***,*** | |
| **********.eu | Czech Republic | *,***,*** | |
| ********.*******.eu | Poland | *,***,*** | |
| ***.************.nl | Netherlands | *,***,*** |