Total
3641 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-22721 | 1 Pnotes.net Project | 1 Pnotes.net | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A File Upload Vulnerability in PNotes - Andrey Gruber PNotes.NET v3.8.1.2 allows a local attacker to execute arbitrary code via the Miscellaneous " External Programs by uploading the malicious .exe file to the external program. | |||||
| CVE-2020-22643 | 1 Feehi | 1 Feehi Cms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Feehi CMS 2.1.0 is affected by an arbitrary file upload vulnerability, potentially resulting in remote code execution. After an administrator logs in, open the administrator image upload page to potentially upload malicious files. | |||||
| CVE-2020-22249 | 1 Phplist | 1 Phplist | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin zip file, Uploading a malicious plugin which contains the php files with extensions like PHP,phtml,php7 will be copied to the plugins directory which would lead to the remote code execution | |||||
| CVE-2020-22159 | 1 Evertz | 6 3080ipx, 3080ipx Firmware, 7801fc and 3 more | 2024-11-21 | N/A | 8.8 HIGH |
| EVERTZ devices 3080IPX exe-guest-v1.2-r26125, 7801FC 1.3 Build 27, and 7890IXG V494 are vulnerable to Arbitrary File Upload, allowing an authenticated attacker to upload a webshell or overwrite any critical system files. | |||||
| CVE-2020-22153 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | N/A | 9.8 CRITICAL |
| File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted .php file to the upload parameter in the navigation function. | |||||
| CVE-2020-21976 | 1 Newsone Cms Project | 1 Newsone Cms | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An arbitrary file upload in the <input type="file" name="user_image"> component of NewsOne CMS v1.1.0 allows attackers to webshell and execute arbitrary commands. | |||||
| CVE-2020-21861 | 1 Duxcms Project | 1 Duxcms | 2024-11-21 | N/A | 8.8 HIGH |
| File upload vulnerability in DuxCMS 2.1 allows attackers to execute arbitrary php code via duxcms/AdminUpload/upload. | |||||
| CVE-2020-21787 | 1 Crmeb | 1 Crmeb | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php. | |||||
| CVE-2020-21786 | 1 Ibos | 1 Ibos | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In IBOS 4.5.4 Open, Arbitrary File Inclusion causes getshell via /system/modules/dashboard/controllers/CronController.php. | |||||
| CVE-2020-21585 | 1 Emlog | 1 Emlog | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in emlog v6.0.0 allows user to upload webshells via zip plugin module. | |||||
| CVE-2020-21564 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Pluck CMS 4.7.10-dev2 and 4.7.11. There is a file upload vulnerability that can cause a remote command execution via admin.php?action=files. | |||||
| CVE-2020-21516 | 1 Feehi | 1 Feehicms | 2024-11-21 | N/A | 9.8 CRITICAL |
| There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8 at the head image upload, that allows attackers to execute relevant PHP code. | |||||
| CVE-2020-21483 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An arbitrary file upload vulnerability in Jizhicms v1.5 allows attackers to execute arbitrary code via a crafted .jpg file which is later changed to a PHP file. | |||||
| CVE-2020-21481 | 1 Rgcms Project | 1 Rgcms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An arbitrary file upload vulnerability in RGCMS v1.06 allows attackers to execute arbitrary code via a crafted .txt file which is later changed to a PHP file. | |||||
| CVE-2020-21452 | 1 Uniview | 2 Isc2500-s, Isc2500-s Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in uniview ISC2500-S. This is an upload vulnerability where an attacker can upload malicious code via /Interface/DevManage/EC.php?cmd=upload | |||||
| CVE-2020-21359 | 1 Maccms | 1 Maccms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers bypass the suffix whitelist verification to execute arbitrary code via adding a character to the end of the uploaded file's name. | |||||
| CVE-2020-21322 | 1 Feehi | 1 Feehicms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in Feehi CMS v2.0.8 and below allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2020-21005 | 1 Wellcms | 1 Wellcms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| WellCMS 2.0 beta3 is vulnerable to File Upload. A user can log in to the CMS background and upload a picture. Because the upload file type is controllable, the user can modify the upload file type to get webshell. | |||||
| CVE-2020-20979 | 1 8cms | 1 Ljcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the move_uploaded_file() function of LJCMS v4.3 allows attackers to execute arbitrary code. | |||||
| CVE-2020-20691 | 1 Monstra | 1 Monstra Cms | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
| An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files. | |||||