Total
2499 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-29176 | 1 Zblogcn | 1 Z-blogphp | 2024-08-04 | 7.8 High |
| An arbitrary file upload vulnerability in Z-BlogPHP v1.6.1.2100 allows attackers to execute arbitrary code via a crafted JPG file. | ||||
| CVE-2020-28939 | 1 Openclinic Project | 1 Openclinic | 2024-08-04 | 7.2 High |
| OpenClinic version 0.8.2 is affected by a medical/test_new.php insecure file upload vulnerability. This vulnerability allows authenticated users (with substantial privileges) to upload malicious files, such as PHP web shells, which can lead to arbitrary code execution on the application server. | ||||
| CVE-2020-28871 | 1 Monitorr | 1 Monitorr | 2024-08-04 | 9.8 Critical |
| Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload. | ||||
| CVE-2020-28687 | 1 Artworks Gallery In Php\, Css\, Javascript\, And Mysql Project | 1 Artworks Gallery In Php\, Css\, Javascript\, And Mysql | 2024-08-04 | 8.8 High |
| The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files. | ||||
| CVE-2020-28688 | 1 Artworks Gallery In Php\, Css\, Javascript\, And Mysql Project | 1 Artworks Gallery In Php\, Css\, Javascript\, And Mysql | 2024-08-04 | 8.8 High |
| The add artwork functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files. | ||||
| CVE-2020-28692 | 1 Gilacms | 1 Gila Cms | 2024-08-04 | 7.2 High |
| In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and abuse .htaccess through the logs function for executing PHP files. | ||||
| CVE-2020-28693 | 1 Horizontcms Project | 1 Horizontcms | 2024-08-04 | 8.8 High |
| An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote attacker to upload PHP code through a zip file by uploading a theme, and executing the PHP file via an HTTP GET request to /themes/<php_file_name> | ||||
| CVE-2020-28328 | 1 Salesagility | 1 Suitecrm | 2024-08-04 | 8.8 High |
| SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled .php file under the web root. | ||||
| CVE-2020-28165 | 1 Easycorp | 1 Zentao | 2024-08-04 | 9.8 Critical |
| The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. An attacker can upload arbitrary webshell to the server by using the downloadZipPackage() function. | ||||
| CVE-2020-28173 | 1 Simple College Project | 1 Simple College | 2024-08-04 | 7.2 High |
| Simple College Website 1.0 allows a user to conduct remote code execution via /alumni/admin/ajax.php?action=save_settings when uploading a malicious file using the image upload functionality, which is stored in /alumni/admin/assets/uploads/. | ||||
| CVE-2020-28140 | 1 Online Clothing Store Project | 1 Online Clothing Store | 2024-08-04 | 9.8 Critical |
| SourceCodester Online Clothing Store 1.0 is affected by an arbitrary file upload via the image upload feature of Products.php. | ||||
| CVE-2020-28136 | 1 Phpgurukul | 1 Tourism Management System | 2024-08-04 | 8.8 High |
| An Arbitrary File Upload is discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via admin/create-package.php vulnerable page. | ||||
| CVE-2020-28130 | 1 Online Library Management System Project | 1 Online Library Management System | 2024-08-04 | 9.8 Critical |
| An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add because .php files can be uploaded to admin/borrower/photos (under the web root). | ||||
| CVE-2020-28072 | 1 Alumni Management System Project | 1 Alumni Management System | 2024-08-04 | 7.2 High |
| A Remote Code Execution vulnerability exists in DourceCodester Alumni Management System 1.0. An authenticated attacker can upload arbitrary file in the gallery.php page and executing it on the server reaching the RCE. | ||||
| CVE-2020-28088 | 1 Jeecg | 1 Jeecg Boot | 2024-08-04 | 9.8 Critical |
| An arbitrary file upload vulnerability in /jeecg-boot/sys/common/upload of jeecg-boot CMS 2.3 allows attackers to execute arbitrary code. | ||||
| CVE-2020-28062 | 1 Hisiphp | 1 Hisiphp | 2024-08-04 | 7.2 High |
| An Access Control vulnerability exists in HisiPHP 2.0.11 via special packets that are constructed in $files = Dir::getList($decompath. '/ Upload/Plugins /, which could let a remote malicious user execute arbitrary code. | ||||
| CVE-2020-28063 | 1 Articlecms Project | 1 Articlecms | 2024-08-04 | 9.8 Critical |
| A file upload issue exists in all versions of ArticleCMS which allows malicious users to getshell. | ||||
| CVE-2020-27956 | 1 Car Rental Management System Project | 1 Car Rental Management System | 2024-08-04 | 9.8 Critical |
| An Arbitrary File Upload in the Upload Image component in SourceCodester Car Rental Management System 1.0 allows the user to conduct remote code execution via admin/index.php?page=manage_car because .php files can be uploaded to admin/assets/uploads/ (under the web root). | ||||
| CVE-2020-27461 | 1 Seopanel | 1 Seopanel | 2024-08-04 | 8.8 High |
| A remote code execution vulnerability in SEOPanel 4.6.0 has been fixed for 4.7.0. This vulnerability allowed for remote code execution through an authenticated file upload via the Settings Panel>Import website function. | ||||
| CVE-2020-25790 | 1 Typesettercms | 1 Typesetter | 2024-08-04 | 7.2 High |
| Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our security policy" and is being fixed for 5.2 | ||||