top of page
perceptive_background_267k.jpg

phpKF CMS 3.00 Beta y6 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary code by bypassing file extension …

Published:

14 januari 2026 om 23:00:00

Alert date:

15 januari 2026 om 18:11:37

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies

phpKF CMS 3.00 Beta y6 contains a critical unauthenticated file upload vulnerability (CVE-2021-47753) that allows remote attackers to execute arbitrary code. The vulnerability enables attackers to bypass file extension checks by uploading PHP files disguised as PNG files, then renaming and executing them as web shells. This provides complete system command execution capabilities to unauthenticated remote attackers. The vulnerability affects the phpKF Content Management System and has been documented with proof-of-concept exploits available on Exploit-DB.

Technical details

Mitigation steps:

Affected products:

phpKF CMS

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2021-47753
https://www.exploit-db.com/exploits/50610
https://www.phpkf.com/
https://www.phpkf.com/indirme.php

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page