Total: 2499 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-26007 | 1 Shopxo | 1 Shopxo | 2024-08-04 | 7.8 High |
An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
CVE-2020-25763 | 1 Seat Reservation System Project | 1 Seat Reservation System | 2024-08-04 | 9.8 Critical |
Seat Reservation System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading PHP files. | ||||
CVE-2020-25733 | 1 Webtareas Project | 1 Webtareas | 2024-08-04 | 7.5 High |
webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types. | ||||
CVE-2020-25515 | 1 Simple Library Management System Project | 1 Simple Library Management System | 2024-08-04 | 7.8 High |
Sourcecodester Simple Library Management System 1.0 is affected by Insecure Permissions via Books > New Book, http://<site>/lms/index.php?page=books. | ||||
CVE-2020-25537 | 1 Ucms Project | 1 Ucms | 2024-08-04 | 9.8 Critical |
A file upload vulnerability exists in UCMS 1.5.0; an attacker can take advantage of this vulnerability to obtain server management permission. | ||||
CVE-2020-25406 | 1 Lemocms | 1 Lemocms | 2024-08-04 | 7.3 High |
app\admin\controller\sys\Uploads.php in lemocms 1.8.x allows users to upload executable files. | ||||
CVE-2020-25483 | 1 Ucms Project | 1 Ucms | 2024-08-04 | 9.8 Critical |
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server. | ||||
CVE-2020-25287 | 1 Pligg Project | 1 Pligg | 2024-08-04 | 7.2 High |
Pligg 2.0.3 allows remote authenticated users to execute arbitrary commands because the template editor can edit any file, as demonstrated by an admin/admin_editor.php the_file=..%2Findex.php&open=Open request. | ||||
CVE-2020-25213 | 1 Webdesi9 | 1 File Manager | 2024-08-04 | 10 Critical |
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory. This was exploited in the wild in August and September 2020. | ||||
CVE-2020-25145 | 1 Observium | 1 Observium | 2024-08-04 | 8.8 High |
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=ports&view=../ URIs because of device/port.inc.php. | ||||
CVE-2020-25133 | 1 Observium | 1 Observium | 2024-08-04 | 8.8 High |
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /ports/?format=../ URIs to pages/ports.inc.php. | ||||
CVE-2020-25149 | 1 Observium | 1 Observium | 2024-08-04 | 8.8 High |
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=health&metric=../ because of device/health.inc.php. | ||||
CVE-2020-25144 | 1 Observium | 1 Observium | 2024-08-04 | 8.8 High |
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /apps/?app=../ URIs. | ||||
CVE-2020-25136 | 1 Observium | 1 Observium | 2024-08-04 | 8.8 High |
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=routing&proto=../ URIs to device/routing.inc.php. | ||||
CVE-2020-25134 | 1 Observium | 1 Observium | 2024-08-04 | 8.8 High |
An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /settings/?format=../ URIs to pages/settings.inc.php. | ||||
CVE-2020-24986 | 1 Concretecms | 1 Concrete Cms | 2024-08-04 | 7.2 High |
Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. It is possible to modify site configuration to upload the PHP file and execute arbitrary commands. | ||||
CVE-2020-25037 | 1 Ucopia | 1 Ucopia Wireless Appliance | 2024-08-04 | 8.2 High |
UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with admin user privileges via an escape from a restricted command. | ||||
CVE-2020-25010 | 1 Kyland | 2 Kps2204 6 Port Managed Din-rail Programmable Serial Device, Kps2204 6 Port Managed Din-rail Programmable Serial Device Firmware | 2024-08-04 | 9.8 Critical |
An arbitrary code execution vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version:R0002.P05 allows remote attackers to upload a malicious script file by constructing a POST type request and writing a payload in the request parameters as an instruction to write a file. | ||||
CVE-2020-25042 | 1 Maracms | 1 Maracms | 2024-08-04 | 7.2 High |
An arbitrary file upload issue exists in Mara CMS 7.5. In order to exploit this, an attacker must have a valid authenticated (admin/manager) session and make a codebase/dir.php?type=filenew request to upload PHP code to codebase/handler.php. | ||||
CVE-2020-24948 | 1 Autoptimize | 1 Autoptimize | 2024-08-04 | 7.2 High |
The ao_ccss_import AJAX call in Autoptimize WordPress Plugin 2.7.6 does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote command execution. |