Total
2975 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-28939 | 1 Openclinic Project | 1 Openclinic | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| OpenClinic version 0.8.2 is affected by a medical/test_new.php insecure file upload vulnerability. This vulnerability allows authenticated users (with substantial privileges) to upload malicious files, such as PHP web shells, which can lead to arbitrary code execution on the application server. | |||||
| CVE-2020-28871 | 1 Monitorr | 1 Monitorr | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload. | |||||
| CVE-2020-28693 | 1 Horizontcms Project | 1 Horizontcms | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote attacker to upload PHP code through a zip file by uploading a theme, and executing the PHP file via an HTTP GET request to /themes/<php_file_name> | |||||
| CVE-2020-28692 | 1 Gilacms | 1 Gila Cms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and abuse .htaccess through the logs function for executing PHP files. | |||||
| CVE-2020-28688 | 1 Artworks Gallery In Php\, Css\, Javascript\, And Mysql Project | 1 Artworks Gallery In Php\, Css\, Javascript\, And Mysql | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| The add artwork functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files. | |||||
| CVE-2020-28687 | 1 Artworks Gallery In Php\, Css\, Javascript\, And Mysql Project | 1 Artworks Gallery In Php\, Css\, Javascript\, And Mysql | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files. | |||||
| CVE-2020-28328 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled .php file under the web root. | |||||
| CVE-2020-28173 | 1 Simple College Project | 1 Simple College | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Simple College Website 1.0 allows a user to conduct remote code execution via /alumni/admin/ajax.php?action=save_settings when uploading a malicious file using the image upload functionality, which is stored in /alumni/admin/assets/uploads/. | |||||
| CVE-2020-28165 | 1 Easycorp | 1 Zentao | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. An attacker can upload arbitrary webshell to the server by using the downloadZipPackage() function. | |||||
| CVE-2020-28140 | 1 Online Clothing Store Project | 1 Online Clothing Store | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SourceCodester Online Clothing Store 1.0 is affected by an arbitrary file upload via the image upload feature of Products.php. | |||||
| CVE-2020-28136 | 1 Phpgurukul | 1 Tourism Management System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An Arbitrary File Upload is discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via admin/create-package.php vulnerable page. | |||||
| CVE-2020-28130 | 1 Online Library Management System Project | 1 Online Library Management System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add because .php files can be uploaded to admin/borrower/photos (under the web root). | |||||
| CVE-2020-28088 | 1 Jeecg | 1 Jeecg Boot | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in /jeecg-boot/sys/common/upload of jeecg-boot CMS 2.3 allows attackers to execute arbitrary code. | |||||
| CVE-2020-28072 | 1 Alumni Management System Project | 1 Alumni Management System | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A Remote Code Execution vulnerability exists in DourceCodester Alumni Management System 1.0. An authenticated attacker can upload arbitrary file in the gallery.php page and executing it on the server reaching the RCE. | |||||
| CVE-2020-28063 | 1 Articlecms Project | 1 Articlecms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A file upload issue exists in all versions of ArticleCMS which allows malicious users to getshell. | |||||
| CVE-2020-28062 | 1 Hisiphp | 1 Hisiphp | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An Access Control vulnerability exists in HisiPHP 2.0.11 via special packets that are constructed in $files = Dir::getList($decompath. '/ Upload/Plugins /, which could let a remote malicious user execute arbitrary code. | |||||
| CVE-2020-27956 | 1 Car Rental Management System Project | 1 Car Rental Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An Arbitrary File Upload in the Upload Image component in SourceCodester Car Rental Management System 1.0 allows the user to conduct remote code execution via admin/index.php?page=manage_car because .php files can be uploaded to admin/assets/uploads/ (under the web root). | |||||
| CVE-2020-27461 | 1 Seopanel | 1 Seopanel | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability in SEOPanel 4.6.0 has been fixed for 4.7.0. This vulnerability allowed for remote code execution through an authenticated file upload via the Settings Panel>Import website function. | |||||
| CVE-2020-27397 | 1 Projectworlds | 1 Online Matrimonial Project | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Marital - Online Matrimonial Project In PHP version 1.0 suffers from an authenticated file upload vulnerability allowing remote attackers to gain remote code execution (RCE) on the Hosting web server via uploading a maliciously crafted PHP file. | |||||
| CVE-2020-27387 | 1 Horizontcms Project | 1 Horizontcms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker (with access to the FileManager) to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManager's rename function to provide the payload (which will receive a random name on the server) with the PHP extension, and finally executing the PHP file via an HTTP GET request to /storage/<php_file_name>. NOTE: the vendor has patched this while leaving the version number at 1.0.0-beta. | |||||