Total
2971 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-21861 | 1 Duxcms Project | 1 Duxcms | 2024-11-21 | N/A | 8.8 HIGH |
| File upload vulnerability in DuxCMS 2.1 allows attackers to execute arbitrary php code via duxcms/AdminUpload/upload. | |||||
| CVE-2020-21787 | 1 Crmeb | 1 Crmeb | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php. | |||||
| CVE-2020-21786 | 1 Ibos | 1 Ibos | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In IBOS 4.5.4 Open, Arbitrary File Inclusion causes getshell via /system/modules/dashboard/controllers/CronController.php. | |||||
| CVE-2020-21585 | 1 Emlog | 1 Emlog | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in emlog v6.0.0 allows user to upload webshells via zip plugin module. | |||||
| CVE-2020-21564 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Pluck CMS 4.7.10-dev2 and 4.7.11. There is a file upload vulnerability that can cause a remote command execution via admin.php?action=files. | |||||
| CVE-2020-21516 | 1 Feehi | 1 Feehicms | 2024-11-21 | N/A | 9.8 CRITICAL |
| There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8 at the head image upload, that allows attackers to execute relevant PHP code. | |||||
| CVE-2020-21483 | 1 Jizhicms | 1 Jizhicms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An arbitrary file upload vulnerability in Jizhicms v1.5 allows attackers to execute arbitrary code via a crafted .jpg file which is later changed to a PHP file. | |||||
| CVE-2020-21481 | 1 Rgcms Project | 1 Rgcms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An arbitrary file upload vulnerability in RGCMS v1.06 allows attackers to execute arbitrary code via a crafted .txt file which is later changed to a PHP file. | |||||
| CVE-2020-21452 | 1 Uniview | 2 Isc2500-s, Isc2500-s Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in uniview ISC2500-S. This is an upload vulnerability where an attacker can upload malicious code via /Interface/DevManage/EC.php?cmd=upload | |||||
| CVE-2020-21359 | 1 Maccms | 1 Maccms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers bypass the suffix whitelist verification to execute arbitrary code via adding a character to the end of the uploaded file's name. | |||||
| CVE-2020-21322 | 1 Feehi | 1 Feehicms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in Feehi CMS v2.0.8 and below allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2020-21005 | 1 Wellcms | 1 Wellcms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| WellCMS 2.0 beta3 is vulnerable to File Upload. A user can log in to the CMS background and upload a picture. Because the upload file type is controllable, the user can modify the upload file type to get webshell. | |||||
| CVE-2020-20979 | 1 8cms | 1 Ljcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the move_uploaded_file() function of LJCMS v4.3 allows attackers to execute arbitrary code. | |||||
| CVE-2020-20691 | 1 Monstra | 1 Monstra Cms | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
| An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files. | |||||
| CVE-2020-20672 | 1 Kitesky | 1 Kitecms | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An arbitrary file upload vulnerability in /admin/upload/uploadfile of KiteCMS V1.1 allows attackers to getshell via a crafted PHP file. | |||||
| CVE-2020-20670 | 1 Zkea | 1 Zkeacms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An arbitrary file upload vulnerability in /admin/media/upload of ZKEACMS V3.2.0 allows attackers to execute arbitrary code via a crafted HTML file. | |||||
| CVE-2020-20287 | 1 Yccms | 1 Yccms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted file upload vulnerability in the yccms 3.3 project. The xhUp function's improper judgment of the request parameters, triggers remote code execution. | |||||
| CVE-2020-20210 | 1 Bludit | 1 Bludit | 2024-11-21 | N/A | 8.8 HIGH |
| Bludit 3.9.2 is vulnerable to Remote Code Execution (RCE) via /admin/ajax/upload-images. | |||||
| CVE-2020-20092 | 1 Articlecms Project | 1 Articlecms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| File Upload vulnerability exists in ArticleCMS 1.0 via the image upload feature at /admin by changing the Content-Type to image/jpeg and placing PHP code after the JPEG data, which could let a remote malicious user execute arbitrary PHP code. | |||||
| CVE-2020-1469 | 1 Microsoft | 1 Bond | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka 'Bond Denial of Service Vulnerability'. | |||||