Total
4096 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-22249 | 1 Phplist | 1 Phplist | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin zip file, Uploading a malicious plugin which contains the php files with extensions like PHP,phtml,php7 will be copied to the plugins directory which would lead to the remote code execution | |||||
| CVE-2020-22159 | 1 Evertz | 6 3080ipx, 3080ipx Firmware, 7801fc and 3 more | 2026-06-17 | N/A | 8.8 HIGH |
| EVERTZ devices 3080IPX exe-guest-v1.2-r26125, 7801FC 1.3 Build 27, and 7890IXG V494 are vulnerable to Arbitrary File Upload, allowing an authenticated attacker to upload a webshell or overwrite any critical system files. | |||||
| CVE-2020-22153 | 1 Thedaylightstudio | 1 Fuel Cms | 2026-06-17 | N/A | 9.8 CRITICAL |
| File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted .php file to the upload parameter in the navigation function. | |||||
| CVE-2020-22151 | 1 Thedaylightstudio | 1 Fuel Cms | 2026-06-17 | N/A | 9.8 CRITICAL |
| Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the assests parameter of the upload function. | |||||
| CVE-2020-21976 | 1 Newsone Cms Project | 1 Newsone Cms | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| An arbitrary file upload in the <input type="file" name="user_image"> component of NewsOne CMS v1.1.0 allows attackers to webshell and execute arbitrary commands. | |||||
| CVE-2020-21861 | 1 Duxcms Project | 1 Duxcms | 2026-06-17 | N/A | 8.8 HIGH |
| File upload vulnerability in DuxCMS 2.1 allows attackers to execute arbitrary php code via duxcms/AdminUpload/upload. | |||||
| CVE-2020-21787 | 1 Crmeb | 1 Crmeb | 2026-06-17 | 10.0 HIGH | 9.8 CRITICAL |
| CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php. | |||||
| CVE-2020-21786 | 1 Ibos | 1 Ibos | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| In IBOS 4.5.4 Open, Arbitrary File Inclusion causes getshell via /system/modules/dashboard/controllers/CronController.php. | |||||
| CVE-2020-21585 | 1 Emlog | 1 Emlog | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in emlog v6.0.0 allows user to upload webshells via zip plugin module. | |||||
| CVE-2020-21564 | 1 Pluck-cms | 1 Pluck | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Pluck CMS 4.7.10-dev2 and 4.7.11. There is a file upload vulnerability that can cause a remote command execution via admin.php?action=files. | |||||
| CVE-2020-21516 | 1 Feehi | 1 Feehicms | 2026-06-17 | N/A | 9.8 CRITICAL |
| There is an arbitrary file upload vulnerability in FeehiCMS 2.0.8 at the head image upload, that allows attackers to execute relevant PHP code. | |||||
| CVE-2020-21489 | 1 Feehi | 1 Feehicms | 2026-06-17 | N/A | 9.8 CRITICAL |
| File Upload vulnerability in Feehicms v.2.0.8 allows a remote attacker to execute arbitrary code via the /admin/index.php?r=admin-user%2Fupdate-self component. | |||||
| CVE-2020-21483 | 1 Jizhicms | 1 Jizhicms | 2026-06-17 | 6.5 MEDIUM | 7.2 HIGH |
| An arbitrary file upload vulnerability in Jizhicms v1.5 allows attackers to execute arbitrary code via a crafted .jpg file which is later changed to a PHP file. | |||||
| CVE-2020-21481 | 1 Rgcms Project | 1 Rgcms | 2026-06-17 | 6.5 MEDIUM | 7.2 HIGH |
| An arbitrary file upload vulnerability in RGCMS v1.06 allows attackers to execute arbitrary code via a crafted .txt file which is later changed to a PHP file. | |||||
| CVE-2020-21474 | 1 Nucleuscms | 1 Nucleuscms | 2026-06-17 | N/A | 9.8 CRITICAL |
| File Upload vulnerability in NucleusCMS v.3.71 allows a remote attacker to execute arbitrary code via the /nucleus/plugins/skinfiles/?dir=rsd parameter. | |||||
| CVE-2020-21452 | 1 Uniview | 2 Isc2500-s, Isc2500-s Firmware | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in uniview ISC2500-S. This is an upload vulnerability where an attacker can upload malicious code via /Interface/DevManage/EC.php?cmd=upload | |||||
| CVE-2020-21359 | 1 Maccms | 1 Maccms | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers bypass the suffix whitelist verification to execute arbitrary code via adding a character to the end of the uploaded file's name. | |||||
| CVE-2020-21325 | 1 Wuzhicms | 1 Wuzhicms | 2026-06-17 | N/A | 8.8 HIGH |
| An issue in WUZHI CMS v.4.1.0 allows a remote attacker to execute arbitrary code via the set_chache method of the function\common.func.php file. | |||||
| CVE-2020-21322 | 1 Feehi | 1 Feehicms | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file upload vulnerability in Feehi CMS v2.0.8 and below allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2020-21174 | 1 Feehi | 1 Feehicms | 2026-06-17 | N/A | 9.8 CRITICAL |
| File Upload vulenrability in liufee CMS v.2.0.7.1 allows a remote attacker to execute arbitrary code via the image suffix function. | |||||
