CVE-2021-47753

Critical CVSS: 9.3

phpKF CMS 3.00 Beta y6 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary code by bypassing file extension checks. Attackers can upload a PHP file disguised as a PNG, rename it, and execute system commands through a crafted web shell parameter.

Vendor

Phpkf

Product

Cms

CWE

CWE-434

Yayın Tarihi

2026-01-15 16:16:06

Güncelleme

2026-01-23 18:31:05

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-434 Cms CRITICAL Phpkf 2026

Referanslar

https://www.exploit-db.com/exploits/50610 https://www.phpkf.com/ https://www.phpkf.com/indirme.php https://www.exploit-db.com/exploits/50610

Benzer Kayıtlar

Medium

CVE-2025-67443

Schlix CMS before v2.2.9-5 is vulnerable to Cross Site Scripting (XSS). Due to lack of javascript sanitization in the lo…

Medium

CVE-2025-6736

A vulnerability classified as critical was found in juzaweb CMS 3.4.2. Affected by this vulnerability is an unknown func…

Medium

CVE-2025-6735

A vulnerability classified as critical has been found in juzaweb CMS 3.4.2. Affected is an unknown function of the file…

Medium

CVE-2025-5429

A vulnerability classified as critical was found in juzaweb CMS up to 3.4.2. This vulnerability affects unknown code of…

Medium

CVE-2025-5427

A vulnerability was found in juzaweb CMS up to 3.4.2. It has been rated as critical. Affected by this issue is some unkn…

Medium

CVE-2025-5428

A vulnerability classified as critical has been found in juzaweb CMS up to 3.4.2. This affects an unknown part of the fi…