CVE-2023-4480
Arbitrary File Read in Fusion File ManagerDue to an out-of-date dependency in the “Fusion File Manager” component accessible through the admin panel, an attacker can send a crafted request that allows them to read the contents of files on the system accessible within the privileges of the running process. Additionally, they may write files to arbitrary locations, provided the files pass the application’s mime-type and file extension validation.
We have discovered 171 live websites that are affected by CVE-2023-4480.
Affected Software
| Product |  PHPFusion |
| Category | Content Management System |
| Vulnerable Domains | 171 live websites (96% of PHPFusion install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 19 versions ( 95% of all versions) |
Common Weakness Enumeration
CWE-538 Insertion of Sensitive Information into Externally-Accessible File or DirectoryDetails
- Published - Sep 5, 2023
- Updated - Sep 26, 2024
Credits
- Dharani Sri Penumacha (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2023-4480 United States | 31 websites |
 Germany | 24 websites |
 Poland | 24 websites |
 GB | 19 websites |
 Netherlands | 16 websites |
 Hungary | 11 websites |
 Denmark | 8 websites |
 Czech Republic | 6 websites |
 Sweden | 4 websites |
 Slovakia | 4 websites |
Website Distribution by TLD
Number of websites using CVE-2023-4480| .com | 32 websites |
| .pl | 18 websites |
| .de | 15 websites |
| .org | 13 websites |
| .eu | 13 websites |
| .nl | 10 websites |
| .net | 8 websites |
| .dk | 8 websites |
| .co.uk | 7 websites |
| .cz | 5 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-4480
Top websites that are affected by CVE-2023-4480. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| **********.**.uk | United States | **,*** | |
| *********.com | United States | ***,*** | |
| *******.de | Germany | *,***,*** | |
| *****.nu | Sweden | *,***,*** | |
| *********.cz | Czech Republic | *,***,*** | |
| *******.****.org | Netherlands | *,***,*** | |
| ***************.pl | Poland | *,***,*** | |
| *********.org | United States | *,***,*** | |
| *******.***.la |  Laos | *,***,*** | |
| **********.**.uk | GB | *,***,*** |
FAQ
CVE-2023-4480 is Insertion of Sensitive Information into Externally-Accessible File or Directory in PHPFusion
A total of 171 websites have been identified as vulnerable to CVE-2023-4480, based on global website indexing conducted by WebTechSurvey.
The PHPFusion is affected by the CVE-2023-4480 vulnerability.
PHPFusion versions up to and including 9.10.30 are vulnerable to CVE-2023-4480.