CVE-2021-47783
MED 5.4Phpwcms 1.9.30 contains a file upload vulnerability that allows authenticated attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG payloads through the multiple file upload feature to potentially execute cross-site scripting attacks on the platform.
Affected Applications in Environment
12
php
v2:8.4+101~+ubuntu24.04.1+deb.sury.org+1
8 devices
php
v2:8.4+100~+ubuntu24.04.1+deb.sury.org+1
1 device
php
v5.4.16-48.el7
1 device
php
v2:7.4+75
3 devices
php
v2:8.4+101~+ubuntu22.04.1+deb.sury.org+1
1 device
php
v2:8.2+93
1 device
php
v1:7.0+35ubuntu6.1
1 device
php
v2:8.4+96+ubuntu20.04.1+deb.sury.org+1
1 device
php
v2:8.4+100~+ubuntu22.04.1+deb.sury.org+1
1 device
php
v2:8.1+92ubuntu1
1 device
php
v2:8.3+93ubuntu2
5 devices
php
v1:7.2+60ubuntu1
1 device
Affected Devices
25
aggietower
Linux
ah-ots
Linux
cceredcapweb
Linux
guru.cluster
Linux
kena-utility
Linux
my1
Linux
mysql02
Linux
privatebin
Linux
rcbd
Linux
rcdb-dev
Linux
redcapweb
Linux
sys-serv-l-301-data
Linux
web04a
Linux
web06
Linux
web08.usu.edu
Linux
web11.usu.edu
Linux
web13.usu.edu
Linux
web14.usu.edu
Linux
web20
Linux
web22
Linux
web28
Linux
web29.usu.edu
Linux
web30.usu.edu
Linux
web37.usu.edu
Linux
webs.usu.edu
Linux