Vulnerability Details: Phpwcms 1.9.30 - Arbitrary File Upload Severity Medium Date January 15, 2026 Affected Version Phpwcms 1.9.30 CVE ID CVE-2021-47783 CWE ID CWE-434: Unrestricted Upload of File with Dangerous Type CVSS Score V2.0: N/A V3.0: N/A V3.1: 8.1 Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Related Links ExploitDB-50363 Official Product Homepage Credit Okan Kurtulus Description Phpwcms 1.9.30 contains a file upload vulnerability that allows authenticated attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG payloads through the multiple file upload feature to potentially execute cross-site scripting attacks on the platform. Vulnerability Type Arbitrary File Upload