Vulnerabilities (CVE)

Filtered by CWE-434
Total 4095 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-20979 1 8cms 1 Ljcms 2026-06-17 7.5 HIGH 9.8 CRITICAL
An arbitrary file upload vulnerability in the move_uploaded_file() function of LJCMS v4.3 allows attackers to execute arbitrary code.
CVE-2020-20969 1 Pluck-cms 1 Pluck 2026-06-17 N/A 7.2 HIGH
File Upload vulnerability in PluckCMS v.4.7.10 allows a remote attacker to execute arbitrary code via the trashcan_restoreitem.php file.
CVE-2020-20919 1 Pluck-cms 1 Pluck 2026-06-17 N/A 7.2 HIGH
File upload vulnerability in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary code and access sensitive information via the theme.php file.
CVE-2020-20735 1 8cms 1 Ljcms 2026-06-17 N/A 9.8 CRITICAL
File Upload vulnerability in LJCMS v.4.3.R60321 allows a remote attacker to execute arbitrary code via the ljcms/index.php parameter.
CVE-2020-20718 1 Pluck-cms 1 Pluckcms 2026-06-17 N/A 9.8 CRITICAL
File Upload vulnerability in PluckCMS v.4.7.10 dev versions allows a remote attacker to execute arbitrary code via a crafted image file to the the save_file() parameter.
CVE-2020-20691 1 Monstra 1 Monstra Cms 2026-06-17 5.8 MEDIUM 6.5 MEDIUM
An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files.
CVE-2020-20672 1 Kitesky 1 Kitecms 2026-06-17 6.8 MEDIUM 7.8 HIGH
An arbitrary file upload vulnerability in /admin/upload/uploadfile of KiteCMS V1.1 allows attackers to getshell via a crafted PHP file.
CVE-2020-20670 1 Zkea 1 Zkeacms 2026-06-17 6.8 MEDIUM 8.8 HIGH
An arbitrary file upload vulnerability in /admin/media/upload of ZKEACMS V3.2.0 allows attackers to execute arbitrary code via a crafted HTML file.
CVE-2020-20588 1 Ibarn Project 1 Ibarn 2026-06-17 N/A 8.8 HIGH
File upload vulnerability in function upload in action/Core.class.php in zhimengzhe iBarn 1.5 allows remote attackers to run arbitrary code via avatar upload to index.php.
CVE-2020-20287 1 Yccms 1 Yccms 2026-06-17 7.5 HIGH 9.8 CRITICAL
Unrestricted file upload vulnerability in the yccms 3.3 project. The xhUp function's improper judgment of the request parameters, triggers remote code execution.
CVE-2020-20210 1 Bludit 1 Bludit 2026-06-17 N/A 8.8 HIGH
Bludit 3.9.2 is vulnerable to Remote Code Execution (RCE) via /admin/ajax/upload-images.
CVE-2020-20092 1 Articlecms Project 1 Articlecms 2026-06-17 7.5 HIGH 9.8 CRITICAL
File Upload vulnerability exists in ArticleCMS 1.0 via the image upload feature at /admin by changing the Content-Type to image/jpeg and placing PHP code after the JPEG data, which could let a remote malicious user execute arbitrary PHP code.
CVE-2020-20067 1 Ebcms 1 Ebcms 2026-06-17 N/A 8.8 HIGH
File upload vulnerability in ebCMS v.1.1.0 allows a remote attacker to execute arbitrary code via the upload type parameter.
CVE-2020-1469 1 Microsoft 1 Bond 2026-06-17 5.0 MEDIUM 7.5 HIGH
A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka 'Bond Denial of Service Vulnerability'.
CVE-2020-1112 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2026-06-17 9.0 HIGH 9.9 CRITICAL
An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.
CVE-2020-1102 1 Microsoft 2 Sharepoint Enterprise Server, Sharepoint Server 2026-06-17 6.5 MEDIUM 8.8 HIGH
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1023, CVE-2020-1024.
CVE-2020-1024 1 Microsoft 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server 2026-06-17 6.5 MEDIUM 8.8 HIGH
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1023, CVE-2020-1102.
CVE-2020-1023 1 Microsoft 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server 2026-06-17 6.5 MEDIUM 8.8 HIGH
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1024, CVE-2020-1102.
CVE-2020-19802 1 Doyocms Project 1 Doyocms 2026-06-17 N/A 9.8 CRITICAL
File Upload vulnerability found in Milken DoyoCMS v.2.3 allows a remote attacker to execute arbitrary code via the upload file type parameter.
CVE-2020-19786 1 Cszcms 1 Csz Cms 2026-06-17 N/A 8.8 HIGH
File upload vulnerability in CSKaza CSZ CMS v.1.2.2 fixed in v1.2.4 allows attacker to execute aritrary commands and code via crafted PHP file.