Wiz
Vulnerability DatabaseCVE-2021-28931

CVE-2021-28931
PHP vulnerability analysis and mitigation

Overview

Fork CMS version 5.9.2 contains an arbitrary file upload vulnerability (CVE-2021-28931) that was disclosed on July 7, 2021. The vulnerability allows attackers to create or replace arbitrary files in the /themes directory of the content management system (NVD).

Technical details

The vulnerability exists in the Themes panel of the settings tab, where authenticated users can upload new themes. An attacker can craft a custom zip file containing malicious code and a .htaccess file to create arbitrary files in the Themes folder. The .htaccess file can be configured to instruct the web server to execute new file types under the web application context (GitHub POC).

Impact

A successful exploitation of this vulnerability can result in complete web server compromise, particularly in shared hosting environments. Additionally, attackers can gain access to the database since they can read/access configuration files (GitHub POC).

Mitigation and workarounds

To mitigate this vulnerability, developers should implement proper file sanitization during theme uploads, specifically to disallow .htaccess files. Users should upgrade to a version newer than 5.9.2 (GitHub POC).

Additional resources

SourceThis report was generated using AI

Related PHP vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-65346CRITICAL9.1
  • PHPPHP
  • alexusmai/laravel-file-manager
NoNoDec 04, 2025
CVE-2025-66468HIGH7.6
  • PHPPHP
  • aimeos/ai-cms-grapesjs
NoYesDec 02, 2025
CVE-2025-65345MEDIUM6.5
  • PHPPHP
  • alexusmai/laravel-file-manager
NoNoDec 03, 2025
CVE-2025-65657MEDIUM6.5
  • PHPPHP
  • feehi/cms
NoNoDec 02, 2025
CVE-2025-65186MEDIUM6.1
  • PHPPHP
  • getgrav/grav
NoNoDec 02, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo