CVE-2026-39292
Status: Deferred - Pending Action
PHPPageBuilder v0.31.0 Unrestricted File Upload RCE

Publication date: 2026-05-29

Last updated on: 2026-05-29

Assigner: MITRE

Description
Falco Solutions PHPPageBuilder v0.31.0 contains an unrestricted file upload vulnerability in the pagemanager/pagebuilder module that allows remote attackers to upload arbitrary files and achieve remote code execution. The vulnerability exists due to insufficient validation of uploaded file types and executable content.
Meta Information
Published: 2026-05-29
Last Modified: 2026-05-29
Generated: 2026-05-29
AI Q&A: 2026-05-29
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor: falco_solutions
Product: phppagebuilder
Version / Range: 0.31.0
CWE ID: CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-39292 is an unrestricted file upload vulnerability in Falco Solutions PHPPageBuilder version 0.31.0, specifically in the pagemanager/pagebuilder module.

This vulnerability allows remote attackers, whether authenticated or unauthenticated, to upload arbitrary files without proper validation of file types or executable content.

As a result, attackers can upload malicious files that lead to remote code execution (RCE) on the affected system.


How can this vulnerability impact me?

The vulnerability can have severe impacts including unauthorized remote code execution, which means attackers can run arbitrary code on your server.

This can lead to full system compromise, data theft, defacement of websites, installation of malware, or use of the server as a launchpad for further attacks.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves an unrestricted file upload in the pagemanager/pagebuilder module of PHPPageBuilder v0.31.0, allowing remote attackers to upload arbitrary files and execute remote code.

To detect this vulnerability on your system, you can monitor for suspicious file uploads to the pagemanager/pagebuilder module, especially files with executable content or unexpected file types.

Suggested commands include checking web server logs for POST requests to the pagemanager/pagebuilder upload endpoints and scanning uploaded files for executable code.

  • Use grep or similar tools to find upload attempts: grep -i 'pagemanager/pagebuilder' /var/log/apache2/access.log
  • List recently uploaded files in the upload directory and check their types: ls -l /path/to/upload/directory && file /path/to/upload/directory/*
  • Scan uploaded files for suspicious content or web shells using tools like ClamAV or custom scripts.
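
The log and upload-directory checks above, combined into two shell functions as an added example (not part of the advisory or of PHPPageBuilder). It assumes a combined-format access log and that the request path contains 'pagemanager/pagebuilder'; the sample log lines and file names are constructed.

```shell
# Added triage helpers (not vendor code). Assumptions: combined-format access
# log; request path contains 'pagemanager/pagebuilder' as named in the advisory.

# Successful (2xx) POSTs to the module: prints client, time, path, status.
find_upload_posts() {  # $1 = access log
    awk '$6 == "\"POST" && tolower($7) ~ /pagemanager\/pagebuilder/ && $9 ~ /^2/ {
        print $1, $4 "]", $7, $9 }' "$1"
}

# Files under an upload directory that PHP could execute: a PHP-handled
# extension anywhere in the name, or a PHP open tag in the content.
find_php_in_uploads() {  # $1 = upload directory
    find "$1" -type f | while IFS= read -r f; do
        case "$(basename "$f" | tr 'A-Z' 'a-z')" in
            *.php|*.php[0-9]|*.phtml|*.phar|*.php.*) echo "ext: $f"; continue ;;
        esac
        if grep -qaiE '<\?(php|=)' "$f"; then echo "content: $f"; fi
    done
}

# Constructed sample data (documentation IP ranges, made-up file names).
make_sample() {  # $1 = scratch directory
    mkdir -p "$1/uploads"
    cat > "$1/access.log" <<'EOF'
203.0.113.7 - - [29/May/2026:10:00:00 +0000] "POST /pagemanager/pagebuilder HTTP/1.1" 200 512
203.0.113.7 - - [29/May/2026:10:00:05 +0000] "GET /pagemanager/pagebuilder HTTP/1.1" 200 9001
198.51.100.4 - - [29/May/2026:10:01:00 +0000] "POST /pagemanager/pagebuilder HTTP/1.1" 403 120
198.51.100.9 - - [29/May/2026:10:02:00 +0000] "POST /contact HTTP/1.1" 200 64
EOF
    printf 'PNG-like bytes, no script\n' > "$1/uploads/logo.png"
    printf 'plain text\n' > "$1/uploads/notes.php.jpg"
    printf 'GIF89a<?php /* constructed marker */ ?>\n' > "$1/uploads/banner.gif"
}

# Demo run against the constructed data.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
find_upload_posts "$demo_dir/access.log"
find_php_in_uploads "$demo_dir/uploads"
rm -rf "$demo_dir"
```

The content check flags files that keep an image extension but carry a PHP open tag, which a listing by name or extension alone would miss.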

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting or disabling file uploads in the pagemanager/pagebuilder module until a patch or fix is applied.

Implement strict validation on uploaded files to allow only safe file types and reject executable content.

Restrict access to the upload functionality to authenticated and authorized users only.

Monitor and audit upload directories regularly for any unauthorized or suspicious files.

If possible, update or patch PHPPageBuilder to a version that addresses this vulnerability once available.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability in Falco Solutions PHPPageBuilder v0.31.0 allows remote attackers to upload arbitrary files and achieve remote code execution due to insufficient validation of uploaded file types and executable content.

Such a vulnerability could potentially lead to unauthorized access to sensitive data or systems, which may impact compliance with standards and regulations like GDPR and HIPAA that require protection of personal and health information.

However, the provided information does not explicitly describe the direct effects of this vulnerability on compliance with these regulations.

