CVE-2020-37137
BaseFortify
Publication date: 2026-02-05
Last updated on: 2026-02-09
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| php-fusion | phpfusion | 9.03.50 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
| CWE-95 | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval"). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'add_panel_form()' function. This vulnerability arises because the application uses the PHP eval() function on user-supplied POST data without proper sanitization."}, {'type': 'paragraph', 'content': "Specifically, the 'panel_content' POST parameter is passed directly into eval(), allowing attackers to inject and execute arbitrary PHP code remotely by sending crafted POST requests to the panels.php administration endpoint."}, {'type': 'paragraph', 'content': "Additionally, there is a cross-site scripting (XSS) vulnerability where the 'panel_content' data is output without proper encoding, enabling injection of malicious JavaScript code."}] [1]
How can this vulnerability impact me? :
[{'type': 'paragraph', 'content': 'This vulnerability can allow an attacker to remotely execute arbitrary code on the affected server, potentially gaining control over the system or accessing sensitive data.'}, {'type': 'paragraph', 'content': 'The attacker can exploit this by sending specially crafted POST requests to the administration panel, which could lead to unauthorized actions, data breaches, or further compromise of the server environment.'}, {'type': 'paragraph', 'content': "Additionally, the cross-site scripting vulnerability can be used to execute malicious scripts in the context of users' browsers, potentially leading to session hijacking or other client-side attacks."}] [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by monitoring for suspicious POST requests sent to the panels.php administration endpoint, specifically targeting the add_panel_form() function.'}, {'type': 'paragraph', 'content': "Look for POST requests containing the parameter 'panel_content' with potentially malicious or unusual PHP code or script tags."}, {'type': 'paragraph', 'content': 'A practical detection method is to capture and inspect HTTP POST traffic to URLs like: /PHP-Fusion/files/administration/panels.php with parameters such as aid, section=panelform, action=edit, and panel_id.'}, {'type': 'paragraph', 'content': "Example commands to detect such activity include using network traffic analysis tools like tcpdump or tshark to filter HTTP POST requests containing 'panel_content':"}, {'type': 'list_item', 'content': "tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'panel_content='"}, {'type': 'list_item', 'content': 'tshark -Y \'http.request.method == "POST" && http.file_data contains "panel_content"\' -T fields -e http.host -e http.request.uri -e http.file_data'}, {'type': 'paragraph', 'content': "Additionally, reviewing web server logs for POST requests to the panels.php endpoint with suspicious payloads in 'panel_content' can help identify exploitation attempts."}] [1]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'Immediate mitigation steps include restricting access to the panels.php administration endpoint to trusted users only.'}, {'type': 'paragraph', 'content': 'Disable or restrict the functionality that allows editing of panel content via POST requests until a patch or fix is applied.'}, {'type': 'paragraph', 'content': "Implement input validation and sanitization on the 'panel_content' parameter to prevent execution of arbitrary code."}, {'type': 'paragraph', 'content': "Monitor and block suspicious POST requests containing malicious payloads targeting the 'panel_content' parameter."}, {'type': 'paragraph', 'content': 'Apply any available patches or updates from the PHP-Fusion project addressing this vulnerability.'}, {'type': 'paragraph', 'content': 'If patching is not immediately possible, consider using web application firewalls (WAF) to filter and block exploit attempts.'}] [1]