CVE-2023-2453
Local file Inclusion (LFI) in Forum Infusion via Directory TraversalThere is insufficient sanitization of tainted file names that are directly concatenated with a path that is subsequently passed to a ‘require_once’ statement. This allows arbitrary files with the ‘.php’ extension for which the absolute path is known to be included and executed. There are no known means in PHPFusion through which an attacker can upload and target a ‘.php’ file payload.
We have discovered 171 live websites that are affected by CVE-2023-2453.
Affected Software
| Product |  PHPFusion |
| Category | Content Management System |
| Vulnerable Domains | 171 live websites (96% of PHPFusion install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 19 versions ( 95% of all versions) |
Common Weakness Enumeration
CWE-829 Inclusion of Functionality from Untrusted Control SphereDetails
- Published - Sep 5, 2023
- Updated - Sep 27, 2024
Credits
- Matthew Hogg (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2023-2453 United States | 31 websites |
 Germany | 24 websites |
 Poland | 24 websites |
 GB | 19 websites |
 Netherlands | 16 websites |
 Hungary | 11 websites |
 Denmark | 8 websites |
 Czech Republic | 6 websites |
 Sweden | 4 websites |
 Slovakia | 4 websites |
Website Distribution by TLD
Number of websites using CVE-2023-2453| .com | 32 websites |
| .pl | 18 websites |
| .de | 15 websites |
| .org | 13 websites |
| .eu | 13 websites |
| .nl | 10 websites |
| .net | 8 websites |
| .dk | 8 websites |
| .co.uk | 7 websites |
| .cz | 5 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-2453
Top websites that are affected by CVE-2023-2453. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| **********.**.uk | United States | **,*** | |
| *********.com | United States | ***,*** | |
| *******.de | Germany | *,***,*** | |
| *****.nu | Sweden | *,***,*** | |
| *********.cz | Czech Republic | *,***,*** | |
| *******.****.org | Netherlands | *,***,*** | |
| ***************.pl | Poland | *,***,*** | |
| *********.org | United States | *,***,*** | |
| *******.***.la |  Laos | *,***,*** | |
| **********.**.uk | GB | *,***,*** |
FAQ
CVE-2023-2453 is Inclusion of Functionality from Untrusted Control Sphere in PHPFusion
A total of 171 websites have been identified as vulnerable to CVE-2023-2453, based on global website indexing conducted by WebTechSurvey.
The PHPFusion is affected by the CVE-2023-2453 vulnerability.
PHPFusion versions up to and including 9.10.30 are vulnerable to CVE-2023-2453.