Phpwcms 1.9.30 - Arbitrary File Upload | Advisories

Advisories

Phpwcms 1.9.30 - Arbitrary File Upload

severity: medium
date: January 15, 2026
Affecting: Phpwcms 1.9.30
CVE: CVE-2021-47783
CWE: CWE-434 Unrestricted Upload of File with Dangerous Type
CVSS: 5.3
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
References: ExploitDB-50363
Official Product Homepage
Credit: Okan Kurtulus
Description: Phpwcms 1.9.30 contains a file upload vulnerability that allows authenticated attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG payloads through the multiple file upload feature to potentially execute cross-site scripting attacks on the platform.