Description
Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE).
Remediation
References
Related Vulnerabilities
Serendipity Server-Side Request Forgery (SSRF) Vulnerability (CVE-2016-9752)
WordPress Plugin Video Conferencing with Zoom Information Disclosure (3.8.16)
Jenkins Missing Authorization Vulnerability (CVE-2021-21695)
OpenVPN AS Improper Authentication Vulnerability (CVE-2020-8953)
Moodle Exposure of Resource to Wrong Sphere Vulnerability (CVE-2017-7490)