CVE-2021-28931

Published July 7th, 2021

View on NVD ↗

CVSS v3

8.8

HIGH

CVSS v2

6.5

MEDIUM

Affected

PROJECT

Description

Arbitrary file upload vulnerability in Fork CMS 5.9.2 allows attackers to create or replace arbitrary files in the /themes directory via a crafted zip file uploaded to the Themes panel.

forkcms/forkcms

Fork is an easy to use open source CMS using Symfony Components.

GitHub

1.17K