


Perceptive Security
SOC/SIEM Consultancy

phpKF CMS 3.00 Beta y6 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary code by bypassing file extension …
Published: 14 January 2026 at 23:00:00
Alert date: 15 January 2026 at 18:11:37
Source: nvd.nist.gov
Web Technologies
phpKF CMS 3.00 Beta y6 contains a critical unauthenticated file upload vulnerability (CVE-2021-47753) that allows remote attackers to execute arbitrary code. An attacker bypasses the file extension check by uploading a PHP file disguised as a PNG file, then renames it and executes it as a web shell. The result is complete system command execution for an unauthenticated remote attacker. The vulnerability affects the phpKF Content Management System, and proof-of-concept exploits are available on Exploit-DB.
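For triage on a host running an affected install, the following added example (not code from the advisory or from the phpKF project) audits an upload directory for the pattern described above: image-named files whose content is not an image, files carrying a PHP open tag, and script extensions left behind by a rename. The extension list, read limit and function names are assumptions, and the sample files are constructed.

```python
import os
import tempfile

# Leading bytes of the image types the upload directory should hold.
MAGIC = {".png": (b"\x89PNG\r\n\x1a\n",), ".jpg": (b"\xff\xd8\xff",),
         ".jpeg": (b"\xff\xd8\xff",), ".gif": (b"GIF87a", b"GIF89a")}
# Assumed list of extensions a PHP-enabled server passes to the interpreter.
SCRIPT_EXTS = {".php", ".phtml", ".phar", ".php5", ".php7"}


def classify(name, data):
    """Return the reasons one uploaded file looks suspicious (empty if none)."""
    ext = os.path.splitext(name)[1].lower()
    reasons = []
    if ext in SCRIPT_EXTS:
        reasons.append("script extension in upload directory")
    if ext in MAGIC and not data.startswith(MAGIC[ext]):
        reasons.append("content does not match image extension")
    # Only the long open tag is checked; short tags are too noisy in binary data.
    if b"<?php" in data.lower():
        reasons.append("PHP open tag in content")
    return reasons


def audit_uploads(root, limit=1024 * 1024):
    """Walk root and map relative path -> reasons for every flagged file."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read(limit)  # first `limit` bytes are enough for triage
            reasons = classify(name, data)
            if reasons:
                findings[os.path.relpath(path, root)] = reasons
    return findings


if __name__ == "__main__":
    # Constructed sample tree: a PNG header, a disguised script, a renamed script.
    samples = {"logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
               "avatar.png": b"<?php /* constructed sample */ ?>",
               "avatar.php": b"<?php /* constructed sample */ ?>"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        for path, reasons in sorted(audit_uploads(root).items()):
            print(path, "->", "; ".join(reasons))
```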
Technical details
Mitigation steps:
Affected products:
phpKF CMS
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2021-47753
https://www.exploit-db.com/exploits/50610
https://www.phpkf.com/
https://www.phpkf.com/indirme.php
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
