Total: 3867 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-21976 | 1 Newsone Cms Project | 1 Newsone Cms | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
An arbitrary file upload in the <input type="file" name="user_image"> component of NewsOne CMS v1.1.0 allows attackers to upload a webshell and execute arbitrary commands.
| CVE-2020-21861 | 1 Duxcms Project | 1 Duxcms | 2024-11-21 | N/A | 8.8 HIGH |
File upload vulnerability in DuxCMS 2.1 allows attackers to execute arbitrary PHP code via duxcms/AdminUpload/upload.
| CVE-2020-21787 | 1 Crmeb | 1 Crmeb | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php.
| CVE-2020-21786 | 1 Ibos | 1 Ibos | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
In IBOS 4.5.4 Open, Arbitrary File Inclusion causes getshell via /system/modules/dashboard/controllers/CronController.php.
| CVE-2020-21585 | 1 Emlog | 1 Emlog | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Vulnerability in emlog v6.0.0 allows a user to upload webshells via the zip plugin module.
| CVE-2020-21564 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in Pluck CMS 4.7.10-dev2 and 4.7.11. There is a file upload vulnerability that can cause remote command execution via admin.php?action=files.
| CVE-2020-21516 | 1 Feehi | 1 Feehicms | 2024-11-21 | N/A | 9.8 CRITICAL |
There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8 at the head image upload that allows attackers to execute relevant PHP code.
| CVE-2020-21483 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
An arbitrary file upload vulnerability in Jizhicms v1.5 allows attackers to execute arbitrary code via a crafted .jpg file which is later changed to a PHP file.
| CVE-2020-21481 | 1 Rgcms Project | 1 Rgcms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
An arbitrary file upload vulnerability in RGCMS v1.06 allows attackers to execute arbitrary code via a crafted .txt file which is later changed to a PHP file.
| CVE-2020-21452 | 1 Uniview | 2 Isc2500-s, Isc2500-s Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Uniview ISC2500-S. This is an upload vulnerability where an attacker can upload malicious code via /Interface/DevManage/EC.php?cmd=upload
| CVE-2020-21359 | 1 Maccms | 1 Maccms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers to bypass the suffix whitelist verification and execute arbitrary code by adding a character to the end of the uploaded file's name.
| CVE-2020-21322 | 1 Feehi | 1 Feehicms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An arbitrary file upload vulnerability in Feehi CMS v2.0.8 and below allows attackers to execute arbitrary code via a crafted PHP file.
| CVE-2020-21005 | 1 Wellcms | 1 Wellcms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
WellCMS 2.0 beta3 is vulnerable to File Upload. A user can log in to the CMS background and upload a picture. Because the upload file type is controllable, the user can modify the upload file type to get a webshell.
| CVE-2020-20979 | 1 8cms | 1 Ljcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An arbitrary file upload vulnerability in the move_uploaded_file() function of LJCMS v4.3 allows attackers to execute arbitrary code.
| CVE-2020-20691 | 1 Monstra | 1 Monstra Cms | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files.
| CVE-2020-20672 | 1 Kitesky | 1 Kitecms | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
An arbitrary file upload vulnerability in /admin/upload/uploadfile of KiteCMS V1.1 allows attackers to getshell via a crafted PHP file.
| CVE-2020-20670 | 1 Zkea | 1 Zkeacms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
An arbitrary file upload vulnerability in /admin/media/upload of ZKEACMS V3.2.0 allows attackers to execute arbitrary code via a crafted HTML file.
| CVE-2020-20287 | 1 Yccms | 1 Yccms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Unrestricted file upload vulnerability in the yccms 3.3 project. The xhUp function's improper judgment of the request parameters triggers remote code execution.
| CVE-2020-20210 | 1 Bludit | 1 Bludit | 2024-11-21 | N/A | 8.8 HIGH |
Bludit 3.9.2 is vulnerable to Remote Code Execution (RCE) via /admin/ajax/upload-images.
| CVE-2020-20092 | 1 Articlecms Project | 1 Articlecms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
File Upload vulnerability exists in ArticleCMS 1.0 via the image upload feature at /admin by changing the Content-Type to image/jpeg and placing PHP code after the JPEG data, which could let a remote malicious user execute arbitrary PHP code.
| CVE-2020-1469 | 1 Microsoft | 1 Bond | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka 'Bond Denial of Service Vulnerability'.
| CVE-2020-1112 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 9.0 HIGH | 9.9 CRITICAL |
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.
| CVE-2020-1102 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1023, CVE-2020-1024.
| CVE-2020-1024 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1023, CVE-2020-1102.
| CVE-2020-1023 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1024, CVE-2020-1102.
| CVE-2020-19672 | 1 Niushop | 1 Niushop | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
In Niushop B2B2C Multi-business basic version V1.11, an attacker can bypass the administrator to obtain the background upload interface and, through parameter upload, bypass the getimagesize function, upload a PHP file, and getshell.
| CVE-2020-19642 | 1 Insma | 2 Wifi Mini Spy 1080p Hd Security Ip Camera, Wifi Mini Spy 1080p Hd Security Ip Camera Firmware | 2024-11-21 | 4.6 MEDIUM | 6.2 MEDIUM |
An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. A local attacker can execute arbitrary code via editing the 'recdata.db' file to call a specially crafted GoAhead ASP-file on the SD card.
| CVE-2020-19510 | 2 Microsoft, Textpattern | 2 Windows, Textpattern | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Textpattern 4.7.3 contains an arbitrary file load via the file_insert function in include/txp_file.php.
| CVE-2020-19364 | 1 Open-emr | 1 Openemr | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
OpenEMR 5.0.1 allows an authenticated attacker to upload and execute malicious PHP scripts through /controller.php.
| CVE-2020-19303 | 1 Houdunren | 1 Hdcms | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
An arbitrary file upload vulnerability in /fileupload.php of hdcms 5.7 allows attackers to execute arbitrary code via a crafted file.
| CVE-2020-19302 | 1 Vaethink | 1 Vaethink | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An arbitrary file upload vulnerability in the avatar upload function of vaeThink v1.0.1 allows attackers to open a webshell via changing uploaded file suffixes to ".php".
| CVE-2020-19267 | 1 Dswjcms Project | 1 Dswjcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue in index.php/Dswjcms/Basis/resources of Dswjcms 1.6.4 allows attackers to execute arbitrary code via uploading a crafted PHP file.
| CVE-2020-19228 | 1 Bludit | 1 Bludit | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
An issue was found in Bludit v3.13.0: unsafe implementation of the backup plugin allows attackers to upload arbitrary files.
| CVE-2020-19138 | 1 Dotcms | 1 Dotcms | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allows remote attackers to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java".
| CVE-2020-19113 | 1 Projectworlds | 1 Online Book Store Project In Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Arbitrary File Upload vulnerability in Online Book Store v1.0 in admin_add.php, which may lead to remote code execution.
| CVE-2020-18912 | 1 Earcms | 1 Ear | 2024-11-21 | N/A | 9.8 CRITICAL |
An issue found in Earcms Ear App v.20181124 allows a remote attacker to execute arbitrary code via the uload/index-uplog.php.
| CVE-2020-18886 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the component 'admin/upload_file_do.php'.
| CVE-2020-18879 | 1 Bludit | 1 Bludit | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via the component 'bl-kereln/ajax/upload-logo.php'.
| CVE-2020-18704 | 1 Fusionbox | 1 Widgy | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Unrestricted Upload of File with Dangerous Type in Django-Widgy v0.8.4 allows remote attackers to execute arbitrary code via the 'image' widget in the component 'Change Widgy Page'.
| CVE-2020-18462 | 1 Aikcms | 1 Aikcms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
File Upload vulnerability in AikCms v2.0.0 in poster_edit.php because the background file management office does not verify the uploaded file.