CVE-2021-47783

MEDIUM

Phpwcms - Unrestricted File Upload

Title source: rule

Description

Phpwcms 1.9.30 contains a file upload vulnerability that allows authenticated attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG payloads through the multiple file upload feature to potentially execute cross-site scripting attacks on the platform.

Exploits (1)

exploitdb WORKING POC

by Okan Kurtulus · textwebappsphp

https://www.exploit-db.com/exploits/50363

View Code ZIP pw:eip

References (3)

[Exploit, VDB Entry] https://www.exploit-db.com/exploits/50363

[Product] http://www.phpwcms.org/

[Third Party Advisory] https://www.vulncheck.com/advisories/phpwcms-arbitrary-file-upload

Scores

CVSS v3 5.4

EPSS 0.0001

EPSS Percentile 1.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-434

Status published

Products (2)

phpwcms/phpwcms 1.9.30

Phpwcms/Phpwcms 1.9.30

Published Jan 16, 2026

Tracked Since Feb 18, 2026