Subj : This top CMS has a major security flaw that could affect millions
To : All
From : TechnologyDaily
Date : Wed Sep 06 2023 19:30:03

This top CMS has a major security flaw that could affect millions of websites

Date: Wed, 06 Sep 2023 17:55:50 +0000
Description: PHPFusion flaw could lead to arbitrary code execution on a remote vulnerable endpoint.

FULL STORY
======================================================================

PHPFusion, a top open-source content management system (CMS), carries multiple vulnerabilities that could put countless websites at risk, experts have warned.

A report from researchers at Synopsys, who discovered the flaws, described one of the vulnerabilities as an authenticated local file inclusion flaw, which is now tracked as CVE-2023-2453. If a hacker can upload a malicious PHP file to a known path on a target system, the flaw would allow them to run arbitrary code on a remote endpoint.

The second vulnerability is a moderate-severity bug in the CMS that allows threat actors to read files and write them to arbitrary locations. This one is tracked as CVE-2023-4480.

All PHPFusion versions up to 9.10.30 are vulnerable, the researchers added, stating that there is no patch available. To make matters worse, there seems to be no interest in fixing the flaws whatsoever.

No patches in the pipeline

In a notification email sent to TechRadar Pro on behalf of Synopsys, it was said that there are currently no patches available to fix the vulnerability, nor is the team aware of any plans by the project owners to create a patch.

Synopsys said it tried to contact PHPFusion admins on numerous occasions, reaching out via email, vulnerability disclosure processes, GitHub, as well as community forums, to no avail. Finally, the team decided to go public. PHPFusion is yet to respond to media inquiries.
The open-source CMS was built in 2003. Since then it has gained prominence, amassing a user base some 15 million strong (according to website data). Dark Reading reports that many small and medium-sized businesses use it to create online forums, community-driven websites, and more.

To stay safe, it would be best to disable the Forum Infusion through the admin panel, the researchers added, knowing that in some cases that would shut down the entire website.

======================================================================
Link to news story:
https://www.techradar.com/pro/security/this-top-cms-has-a-major-security-flaw-that-could-affect-millions-of-websites

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)