Total: 1117 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-35442 | 1 Fangfa | 1 Fdcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
FDCMS (also known as Fangfa Content Management System) 4.0 allows remote attackers to get a webshell in the background via Front/lib/Action/FindexAction.class.php. | |||||
CVE-2020-29597 | 1 Incomcms Project | 1 Incomcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. This vulnerability allows unauthenticated attackers to upload files into the server. | |||||
CVE-2020-29592 | 1 Orchardproject | 1 Orchard | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Orchard before 1.10. A broken access control issue in Orchard components that use the TinyMCE HTML editor's file upload allows an attacker to upload dangerous executables that bypass the file types allowed (regardless of the file types allowed list in Media settings). | |||||
CVE-2020-28871 | 1 Monitorr | 1 Monitorr | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload. | |||||
CVE-2020-28165 | 1 Easycorp | 1 Zentao | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. An attacker can upload an arbitrary webshell to the server by using the downloadZipPackage() function. | |||||
CVE-2020-28140 | 1 Online Clothing Store Project | 1 Online Clothing Store | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SourceCodester Online Clothing Store 1.0 is affected by an arbitrary file upload via the image upload feature of Products.php. | |||||
CVE-2020-28130 | 1 Online Library Management System Project | 1 Online Library Management System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add because .php files can be uploaded to admin/borrower/photos (under the web root). | |||||
CVE-2020-28088 | 1 Jeecg | 1 Jeecg Boot | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An arbitrary file upload vulnerability in /jeecg-boot/sys/common/upload of jeecg-boot CMS 2.3 allows attackers to execute arbitrary code. | |||||
CVE-2020-28063 | 1 Articlecms Project | 1 Articlecms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A file upload issue exists in all versions of ArticleCMS which allows malicious users to getshell. | |||||
CVE-2020-27956 | 1 Car Rental Management System Project | 1 Car Rental Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An Arbitrary File Upload in the Upload Image component in SourceCodester Car Rental Management System 1.0 allows the user to conduct remote code execution via admin/index.php?page=manage_car because .php files can be uploaded to admin/assets/uploads/ (under the web root). | |||||
CVE-2020-26553 | 1 Aviatrix | 1 Controller | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Aviatrix Controller before R6.0.2483. Several APIs contain functions that allow arbitrary files to be uploaded to the web tree. | |||||
CVE-2020-25763 | 1 Seat Reservation System Project | 1 Seat Reservation System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Seat Reservation System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading PHP files. | |||||
CVE-2020-25537 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to obtain server management permission. | |||||
CVE-2020-25010 | 1 Kyland | 2 Kps2204 6 Port Managed Din-rail Programmable Serial Device, Kps2204 6 Port Managed Din-rail Programmable Serial Device Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An arbitrary code execution vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version:R0002.P05 allows remote attackers to upload a malicious script file by constructing a POST type request and writing a payload in the request parameters as an instruction to write a file. | |||||
CVE-2020-24407 | 1 Magento | 1 Magento | 2024-11-21 | 9.0 HIGH | 9.1 CRITICAL |
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an unsafe file upload vulnerability that could result in arbitrary code execution. This vulnerability could be abused by authenticated users with administrative permissions to the System/Data and Transfer/Import components. | |||||
CVE-2020-24203 | 1 Projectworlds | 1 Travel Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution. | |||||
CVE-2020-24202 | 1 Projectworlds | 1 House Rental And Property Listing Project | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
File Upload component in Projects World House Rental v1.0 suffers from an arbitrary file upload vulnerability with regular users, which allows remote attackers to conduct code execution. | |||||
CVE-2020-24199 | 1 Projectworlds | 1 Car Rental Project | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Arbitrary File Upload in the Vehicle Image Upload component in Project Worlds Car Rental Management System v1.0 allows attackers to conduct remote code execution. | |||||
CVE-2020-24195 | 1 Online Bike Rental Project | 1 Online Bike Rental | 2024-11-21 | 6.5 MEDIUM | 9.1 CRITICAL |
An Arbitrary File Upload in the Upload Image component in Sourcecodester Online Bike Rental v1.0 allows an authenticated administrator to conduct remote code execution. | |||||
CVE-2020-24186 | 1 Gvectors | 1 Wpdiscuz | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action. | |||||