← Volver a CVEs
CVE-2021-47783
MEDIUM5.4
Descripcion
Phpwcms 1.9.30 contains a file upload vulnerability that allows authenticated attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG payloads through the multiple file upload feature to potentially execute cross-site scripting attacks on the platform.
Detalles CVE
Puntuacion CVSS v3.15.4
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioREQUIRED
Publicado1/16/2026
Ultima modificacion2/9/2026
Fuentenvd
Avistamientos honeypot0
Productos afectados
phpwcms:phpwcms
Debilidades (CWE)
CWE-434
Referencias
http://www.phpwcms.org/(disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/50363(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/phpwcms-arbitrary-file-upload(disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/50363(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.