Vulnerabilities (CVE)

Filtered by CWE-434
Total 4096 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-22249 1 Phplist 1 Phplist 2026-06-17 7.5 HIGH 9.8 CRITICAL
Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin zip file, Uploading a malicious plugin which contains the php files with extensions like PHP,phtml,php7 will be copied to the plugins directory which would lead to the remote code execution
CVE-2020-22159 1 Evertz 6 3080ipx, 3080ipx Firmware, 7801fc and 3 more 2026-06-17 N/A 8.8 HIGH
EVERTZ devices 3080IPX exe-guest-v1.2-r26125, 7801FC 1.3 Build 27, and 7890IXG V494 are vulnerable to Arbitrary File Upload, allowing an authenticated attacker to upload a webshell or overwrite any critical system files.
CVE-2020-22153 1 Thedaylightstudio 1 Fuel Cms 2026-06-17 N/A 9.8 CRITICAL
File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted .php file to the upload parameter in the navigation function.
CVE-2020-22151 1 Thedaylightstudio 1 Fuel Cms 2026-06-17 N/A 9.8 CRITICAL
Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the assests parameter of the upload function.
CVE-2020-21976 1 Newsone Cms Project 1 Newsone Cms 2026-06-17 9.0 HIGH 8.8 HIGH
An arbitrary file upload in the <input type="file" name="user_image"> component of NewsOne CMS v1.1.0 allows attackers to webshell and execute arbitrary commands.
CVE-2020-21861 1 Duxcms Project 1 Duxcms 2026-06-17 N/A 8.8 HIGH
File upload vulnerability in DuxCMS 2.1 allows attackers to execute arbitrary php code via duxcms/AdminUpload/upload.
CVE-2020-21787 1 Crmeb 1 Crmeb 2026-06-17 10.0 HIGH 9.8 CRITICAL
CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php.
CVE-2020-21786 1 Ibos 1 Ibos 2026-06-17 7.5 HIGH 9.8 CRITICAL
In IBOS 4.5.4 Open, Arbitrary File Inclusion causes getshell via /system/modules/dashboard/controllers/CronController.php.
CVE-2020-21585 1 Emlog 1 Emlog 2026-06-17 7.5 HIGH 9.8 CRITICAL
Vulnerability in emlog v6.0.0 allows user to upload webshells via zip plugin module.
CVE-2020-21564 1 Pluck-cms 1 Pluck 2026-06-17 6.5 MEDIUM 8.8 HIGH
An issue was discovered in Pluck CMS 4.7.10-dev2 and 4.7.11. There is a file upload vulnerability that can cause a remote command execution via admin.php?action=files.
CVE-2020-21516 1 Feehi 1 Feehicms 2026-06-17 N/A 9.8 CRITICAL
There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8 at the head image upload, that allows attackers to execute relevant PHP code.
CVE-2020-21489 1 Feehi 1 Feehicms 2026-06-17 N/A 9.8 CRITICAL
File Upload vulnerability in Feehicms v.2.0.8 allows a remote attacker to execute arbitrary code via the /admin/index.php?r=admin-user%2Fupdate-self component.
CVE-2020-21483 1 Jizhicms 1 Jizhicms 2026-06-17 6.5 MEDIUM 7.2 HIGH
An arbitrary file upload vulnerability in Jizhicms v1.5 allows attackers to execute arbitrary code via a crafted .jpg file which is later changed to a PHP file.
CVE-2020-21481 1 Rgcms Project 1 Rgcms 2026-06-17 6.5 MEDIUM 7.2 HIGH
An arbitrary file upload vulnerability in RGCMS v1.06 allows attackers to execute arbitrary code via a crafted .txt file which is later changed to a PHP file.
CVE-2020-21474 1 Nucleuscms 1 Nucleuscms 2026-06-17 N/A 9.8 CRITICAL
File Upload vulnerability in NucleusCMS v.3.71 allows a remote attacker to execute arbitrary code via the /nucleus/plugins/skinfiles/?dir=rsd parameter.
CVE-2020-21452 1 Uniview 2 Isc2500-s, Isc2500-s Firmware 2026-06-17 7.5 HIGH 9.8 CRITICAL
An issue was discovered in uniview ISC2500-S. This is an upload vulnerability where an attacker can upload malicious code via /Interface/DevManage/EC.php?cmd=upload
CVE-2020-21359 1 Maccms 1 Maccms 2026-06-17 7.5 HIGH 9.8 CRITICAL
An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers bypass the suffix whitelist verification to execute arbitrary code via adding a character to the end of the uploaded file's name.
CVE-2020-21325 1 Wuzhicms 1 Wuzhicms 2026-06-17 N/A 8.8 HIGH
An issue in WUZHI CMS v.4.1.0 allows a remote attacker to execute arbitrary code via the set_chache method of the function\common.func.php file.
CVE-2020-21322 1 Feehi 1 Feehicms 2026-06-17 7.5 HIGH 9.8 CRITICAL
An arbitrary file upload vulnerability in Feehi CMS v2.0.8 and below allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2020-21174 1 Feehi 1 Feehicms 2026-06-17 N/A 9.8 CRITICAL
File Upload vulenrability in liufee CMS v.2.0.7.1 allows a remote attacker to execute arbitrary code via the image suffix function.