Phpfusion.py

: High. It allows unauthenticated or low-privileged users to execute commands in the security context of the web server.

: Ensure all 3rd-party addons (infusions) are reputable and updated, as they are common entry points for hackers. Home - Official Home of the PHPFusion CMS PHPFusion.py

: Move to the latest version of PHPFusion (e.g., 9.10.30 or newer), as older versions are notorious for unpatched security flaws. : High

: While this specific RCE script targets version 9.03.50, other notable PHPFusion vulnerabilities include CVE-2019-12099 (avatar upload RCE) and CVE-2023-2453 (authenticated Local File Inclusion). Defensive Recommendations Home - Official Home of the PHPFusion CMS

To protect a PHPFusion installation from such scripts, administrators should:

: Once the target is verified, it sends the request payload to trigger the code execution. Vulnerability Context Version Affected : Specifically PHPFusion 9.03.50 .