CVE-2021-47783

Sažetak

Phpwcms 1.9.30 contains a file upload vulnerability that allows authenticated attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG payloads through the multiple file upload feature to potentially execute cross-site scripting attacks on the platform.

Reference

http://www.phpwcms.org/
https://www.exploit-db.com/exploits/50363
https://www.vulncheck.com/advisories/phpwcms-arbitrary-file-upload
https://www.exploit-db.com/exploits/50363

CVSS

Base:	5.4
Impact:	2.7
Exploitability:	2.3

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Zadnje važnije ažuriranje

09-02-2026 - 14:52

Objavljeno

16-01-2026 - 00:16