HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. Attackers can intercept upload requests to the logoupload parameter in the admin interface and rename files to executable extensions .php to achieve remote code execution.
References
Configurations
No configuration.
History
16 May 2026, 16:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-05-16 16:16
Updated : 2026-06-17 03:17
NVD link : CVE-2020-37227
Mitre link : CVE-2020-37227
CVE.ORG link : CVE-2020-37227
JSON object : View
Products Affected
No product.
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type
