Total
3867 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-25515 | 1 Simple Library Management System Project | 1 Simple Library Management System | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Sourcecodester Simple Library Management System 1.0 is affected by Insecure Permissions via Books > New Book , http://<site>/lms/index.php?page=books.
|
|||||
| CVE-2020-25483 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.
|
|||||
| CVE-2020-25406 | 1 Lemocms | 1 Lemocms | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
|
app\admin\controller\sys\Uploads.php in lemocms 1.8.x allows users to upload files to upload executable files.
|
|||||
| CVE-2020-25287 | 1 Pligg Project | 1 Pligg | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
Pligg 2.0.3 allows remote authenticated users to execute arbitrary commands because the template editor can edit any file, as demonstrated by an admin/admin_editor.php the_file=..%2Findex.php&open=Open request.
|
|||||
| CVE-2020-25149 | 1 Observium | 1 Observium | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=health&metric=../ because of device/health.inc.php.
|
|||||
| CVE-2020-25145 | 1 Observium | 1 Observium | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=ports&view=../ URIs because of device/port.inc.php.
|
|||||
| CVE-2020-25144 | 1 Observium | 1 Observium | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /apps/?app=../ URIs.
|
|||||
| CVE-2020-25136 | 1 Observium | 1 Observium | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=routing&proto=../ URIs to device/routing.inc.php.
|
|||||
| CVE-2020-25134 | 1 Observium | 1 Observium | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /settings/?format=../ URIs to pages/settings.inc.php.
|
|||||
| CVE-2020-25133 | 1 Observium | 1 Observium | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /ports/?format=../ URIs to pages/ports.inc.php.
|
|||||
| CVE-2020-25042 | 1 Maracms | 1 Maracms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
An arbitrary file upload issue exists in Mara CMS 7.5. In order to exploit this, an attacker must have a valid authenticated (admin/manager) session and make a codebase/dir.php?type=filenew request to upload PHP code to codebase/handler.php.
|
|||||
| CVE-2020-25037 | 1 Ucopia | 1 Ucopia Wireless Appliance | 2024-11-21 | 7.2 HIGH | 8.2 HIGH |
|
UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with admin user privileges via an escape from a restricted command.
|
|||||
| CVE-2020-25010 | 1 Kyland | 2 Kps2204 6 Port Managed Din-rail Programmable Serial Device, Kps2204 6 Port Managed Din-rail Programmable Serial Device Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An arbitrary code execution vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version:R0002.P05 allows remote attackers to upload a malicious script file by constructing a POST type request and writing a payload in the request parameters as an instruction to write a file.
|
|||||
| CVE-2020-24986 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. It is possible to modify site configuration to upload the PHP file and execute arbitrary commands.
|
|||||
| CVE-2020-24948 | 1 Autoptimize | 1 Autoptimize | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
The ao_ccss_import AJAX call in Autoptimize Wordpress Plugin 2.7.6 does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote command execution.
|
|||||
| CVE-2020-24549 | 1 Openmaint | 1 Openmaint | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
openMAINT before 1.1-2.4.2 allows remote authenticated users to run arbitrary JSP code on the underlying web server.
|
|||||
| CVE-2020-24407 | 1 Magento | 1 Magento | 2024-11-21 | 9.0 HIGH | 9.1 CRITICAL |
|
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an unsafe file upload vulnerability that could result in arbitrary code execution. This vulnerability could be abused by authenticated users with administrative permissions to the System/Data and Transfer/Import components.
|
|||||
| CVE-2020-24203 | 1 Projectworlds | 1 Travel Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution.
|
|||||
| CVE-2020-24202 | 1 Projectworlds | 1 House Rental And Property Listing Project | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
File Upload component in Projects World House Rental v1.0 suffers from an arbitrary file upload vulnerability with regular users, which allows remote attackers to conduct code execution.
|
|||||
| CVE-2020-24199 | 1 Projectworlds | 1 Car Rental Project | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Arbitrary File Upload in the Vehicle Image Upload component in Project Worlds Car Rental Management System v1.0 allows attackers to conduct remote code execution.
|
|||||
| CVE-2020-24196 | 1 Online Bike Rental Project | 1 Online Bike Rental | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
An Arbitrary File Upload in Vehicle Image Upload in Online Bike Rental v1.0 allows authenticated admin to conduct remote code execution.
|
|||||
| CVE-2020-24195 | 1 Online Bike Rental Project | 1 Online Bike Rental | 2024-11-21 | 6.5 MEDIUM | 9.1 CRITICAL |
|
An Arbitrary File Upload in the Upload Image component in Sourcecodester Online Bike Rental v1.0 allows authenticated administrator to conduct remote code execution.
|
|||||
| CVE-2020-24186 | 1 Gvectors | 1 Wpdiscuz | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
|
A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action.
|
|||||
| CVE-2020-23972 | 1 Gmapfp | 1 Gmapfp | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can access the upload function without authenticating to the application and can also upload files which due to issues of unrestricted file uploads which can be bypassed by changing the content-type and name file too double extensions.
|
|||||
| CVE-2020-23829 | 1 Librehealth | 1 Librehealth Ehr | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image.
|
|||||
| CVE-2020-23828 | 1 Online Course Registration Project | 1 Online Course Registration | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A File Upload vulnerability in SourceCodester Online Course Registration v1.0 allows remote attackers to achieve Remote Code Execution (RCE) on the hosting webserver by uploading a crafted PHP web-shell that bypasses the image upload filters. An attack uses /Online%20Course%20Registration/my-profile.php with the POST parameter photo.
|
|||||
| CVE-2020-23790 | 1 Uxper | 1 Golo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An Arbitrary File Upload vulnerability was discovered in the Golo Laravel theme v 1.1.5.
|
|||||
| CVE-2020-23765 | 1 Bludit | 1 Bludit | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0. If an attacker is able to gain Administrator rights they will be able to use unsafe plugins to upload a backup file and control the server.
|
|||||
| CVE-2020-23572 | 1 Beescms | 1 Beescms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
BEESCMS v4.0 was discovered to contain an arbitrary file upload vulnerability via the component /admin/upload.php. This vulnerability allows attackers to execute arbitrary code via a crafted image file.
|
|||||
| CVE-2020-23564 | 1 Sem-cms | 1 Semcms | 2024-11-21 | N/A | 7.2 HIGH |
|
File Upload vulnerability in SEMCMS 3.9 allows remote attackers to run arbitrary code via SEMCMS_Upfile.php.
|
|||||
| CVE-2020-23520 | 1 Txjia | 1 Imcat | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
imcat 5.2 allows an authenticated file upload and consequently remote code execution via the picture functionality.
|
|||||
| CVE-2020-23138 | 1 Microweber | 1 Microweber | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. An attacker can upload PHP code or any extension (eg- .exe) to the web server by providing image data and the image/jpeg content type with a .php extension.
|
|||||
| CVE-2020-23083 | 1 Guojusoft | 1 Jeecg | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Unrestricted File Upload in JEECG v4.0 and earlier allows remote attackers to execute arbitrary code or gain privileges by uploading a crafted file to the component "jeecgFormDemoController.do?commonUpload".
|
|||||
| CVE-2020-23043 | 1 Air Sender Project | 1 Air Sender | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Tran Tu Air Sender v1.0.2 was discovered to contain an arbitrary file upload vulnerability in the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted file.
|
|||||
| CVE-2020-22722 | 2 Microsoft, Rapidscada | 2 Windows, Rapid Scada | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege escalation vulnerability in the ScadaAgentSvc.exe executable file. An attacker can obtain admin privileges by placing a malicious .exe file in the application and renaming it ScadaAgentSvc.exe, which would result in executing the binary as NT AUTHORITY\SYSTEM in a Windows operating system. For example, an attacker can plant a reverse shell from a low privileged user account and by restarting the computer, the malicious service ...
Show More |
|||||
| CVE-2020-22721 | 1 Pnotes.net Project | 1 Pnotes.net | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
A File Upload Vulnerability in PNotes - Andrey Gruber PNotes.NET v3.8.1.2 allows a local attacker to execute arbitrary code via the Miscellaneous " External Programs by uploading the malicious .exe file to the external program.
|
|||||
| CVE-2020-22643 | 1 Feehi | 1 Feehi Cms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
Feehi CMS 2.1.0 is affected by an arbitrary file upload vulnerability, potentially resulting in remote code execution. After an administrator logs in, open the administrator image upload page to potentially upload malicious files.
|
|||||
| CVE-2020-22249 | 1 Phplist | 1 Phplist | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin zip file, Uploading a malicious plugin which contains the php files with extensions like PHP,phtml,php7 will be copied to the plugins directory which would lead to the remote code execution
|
|||||
| CVE-2020-22159 | 1 Evertz | 6 3080ipx, 3080ipx Firmware, 7801fc and 3 more | 2024-11-21 | N/A | 8.8 HIGH |
|
EVERTZ devices 3080IPX exe-guest-v1.2-r26125, 7801FC 1.3 Build 27, and 7890IXG V494 are vulnerable to Arbitrary File Upload, allowing an authenticated attacker to upload a webshell or overwrite any critical system files.
|
|||||
| CVE-2020-22153 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | N/A | 9.8 CRITICAL |
|
File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted .php file to the upload parameter in the navigation function.
|
|||||