Total
3441 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-26252 | 1 Openmage | 1 Openmage | 2024-11-21 | 6.5 MEDIUM | 8.7 HIGH |
| OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.6, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to update product data to be able to store an executable file on the server and load it via layout xml. The latest OpenMage Versions up from 19.4.10 and 20.0.6 have this issue solved. | |||||
| CVE-2020-26174 | 1 Tangro | 1 Business Workflow | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| tangro Business Workflow before 1.18.1 requests a list of allowed filetypes from the server and restricts uploads to the filetypes contained in this list. However, this restriction is enforced in the browser (client-side) and can be circumvented. This allows an attacker to upload any file as an attachment to a workitem. | |||||
| CVE-2020-26048 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file within an image extension and through a custom request using the rename function provided by the file manager is able to modify the image extension into PHP resulting in remote arbitrary code execution. | |||||
| CVE-2020-26008 | 1 Shopxo | 1 Shopxo | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via uploading a crafted PHP file. | |||||
| CVE-2020-26007 | 1 Shopxo | 1 Shopxo | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | |||||
| CVE-2020-25790 | 1 Typesettercms | 1 Typesetter | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our security policy" and is being fixed for 5.2 | |||||
| CVE-2020-25763 | 1 Seat Reservation System Project | 1 Seat Reservation System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Seat Reservation System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading PHP files. | |||||
| CVE-2020-25733 | 1 Webtareas Project | 1 Webtareas | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types. | |||||
| CVE-2020-25537 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to obtain server management permission. | |||||
| CVE-2020-25515 | 1 Simple Library Management System Project | 1 Simple Library Management System | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Sourcecodester Simple Library Management System 1.0 is affected by Insecure Permissions via Books > New Book , http://<site>/lms/index.php?page=books. | |||||
| CVE-2020-25483 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server. | |||||
| CVE-2020-25406 | 1 Lemocms | 1 Lemocms | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| app\admin\controller\sys\Uploads.php in lemocms 1.8.x allows users to upload files to upload executable files. | |||||
| CVE-2020-25287 | 1 Pligg Project | 1 Pligg | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Pligg 2.0.3 allows remote authenticated users to execute arbitrary commands because the template editor can edit any file, as demonstrated by an admin/admin_editor.php the_file=..%2Findex.php&open=Open request. | |||||
| CVE-2020-25149 | 1 Observium | 1 Observium | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=health&metric=../ because of device/health.inc.php. | |||||
| CVE-2020-25145 | 1 Observium | 1 Observium | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=ports&view=../ URIs because of device/port.inc.php. | |||||
| CVE-2020-25144 | 1 Observium | 1 Observium | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /apps/?app=../ URIs. | |||||
| CVE-2020-25136 | 1 Observium | 1 Observium | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=routing&proto=../ URIs to device/routing.inc.php. | |||||
| CVE-2020-25134 | 1 Observium | 1 Observium | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /settings/?format=../ URIs to pages/settings.inc.php. | |||||
| CVE-2020-25133 | 1 Observium | 1 Observium | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /ports/?format=../ URIs to pages/ports.inc.php. | |||||
| CVE-2020-25042 | 1 Maracms | 1 Maracms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| An arbitrary file upload issue exists in Mara CMS 7.5. In order to exploit this, an attacker must have a valid authenticated (admin/manager) session and make a codebase/dir.php?type=filenew request to upload PHP code to codebase/handler.php. | |||||