Total
2501 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-20287 | 1 Yccms | 1 Yccms | 2024-08-04 | 9.8 Critical |
| Unrestricted file upload vulnerability in the yccms 3.3 project. The xhUp function's improper judgment of the request parameters, triggers remote code execution. | ||||
| CVE-2020-19802 | 1 Doyocms Project | 1 Doyocms | 2024-08-04 | 9.8 Critical |
| File Upload vulnerability found in Milken DoyoCMS v.2.3 allows a remote attacker to execute arbitrary code via the upload file type parameter. | ||||
| CVE-2020-20067 | 1 Ebcms | 1 Ebcms | 2024-08-04 | 8.8 High |
| File upload vulnerability in ebCMS v.1.1.0 allows a remote attacker to execute arbitrary code via the upload type parameter. | ||||
| CVE-2020-19786 | 1 Cszcms | 1 Csz Cms | 2024-08-04 | 8.8 High |
| File upload vulnerability in CSKaza CSZ CMS v.1.2.2 fixed in v1.2.4 allows attacker to execute aritrary commands and code via crafted PHP file. | ||||
| CVE-2020-19672 | 1 Niushop | 1 Niushop | 2024-08-04 | 9.8 Critical |
| Niushop B2B2C Multi-business basic version V1.11, can bypass the administrator to obtain the background upload interface, through parameter upload, bypass the getimagesize function, upload php file, getshell. | ||||
| CVE-2020-19642 | 1 Insma | 2 Wifi Mini Spy 1080p Hd Security Ip Camera, Wifi Mini Spy 1080p Hd Security Ip Camera Firmware | 2024-08-04 | 6.2 Medium |
| An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. A local attacker can execute arbitrary code via editing the 'recdata.db' file to call a specially crafted GoAhead ASP-file on the SD card. | ||||
| CVE-2020-19510 | 2 Microsoft, Textpattern | 2 Windows, Textpattern | 2024-08-04 | 9.8 Critical |
| Textpattern 4.7.3 contains an aribtrary file load via the file_insert function in include/txp_file.php. | ||||
| CVE-2020-19303 | 1 Houdunren | 1 Hdcms | 2024-08-04 | 7.8 High |
| An arbitrary file upload vulnerability in /fileupload.php of hdcms 5.7 allows attackers to execute arbitrary code via a crafted file. | ||||
| CVE-2020-19302 | 1 Vaethink | 1 Vaethink | 2024-08-04 | 9.8 Critical |
| An arbitrary file upload vulnerability in the avatar upload function of vaeThink v1.0.1 allows attackers to open a webshell via changing uploaded file suffixes to ".php". | ||||
| CVE-2020-19267 | 1 Dswjcms Project | 1 Dswjcms | 2024-08-04 | 9.8 Critical |
| An issue in index.php/Dswjcms/Basis/resources of Dswjcms 1.6.4 allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
| CVE-2020-19113 | 1 Projectworlds | 1 Online Book Store Project In Php | 2024-08-04 | 9.8 Critical |
| Arbitrary File Upload vulnerability in Online Book Store v1.0 in admin_add.php, which may lead to remote code execution. | ||||
| CVE-2020-19228 | 1 Bludit | 1 Bludit | 2024-08-04 | 7.2 High |
| An issue was found in bludit v3.13.0, unsafe implementation of the backup plugin allows attackers to upload arbitrary files. | ||||
| CVE-2020-19364 | 1 Open-emr | 1 Openemr | 2024-08-04 | 8.8 High |
| OpenEMR 5.0.1 allows an authenticated attacker to upload and execute malicious PHP scripts through /controller.php. | ||||
| CVE-2020-18912 | 1 Earcms | 1 Ear | 2024-08-04 | 9.8 Critical |
| An issue found in Earcms Ear App v.20181124 allows a remote attacker to execute arbitrary code via the uload/index-uplog.php. | ||||
| CVE-2020-19138 | 1 Dotcms | 1 Dotcms | 2024-08-04 | 9.8 Critical |
| Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allow remote attackers to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java". | ||||
| CVE-2020-19028 | 1 Emlog | 1 Emlog | 2024-08-04 | 7.5 High |
| *File Upload vulnerability found in Emlog EmlogCMS v.6.0.0 allows a remote attacker to gain access to sensitive information via the /admin/plugin.php function. | ||||
| CVE-2020-18879 | 1 Bludit | 1 Bludit | 2024-08-04 | 9.8 Critical |
| Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via the component 'bl-kereln/ajax/upload-logo.php'. | ||||
| CVE-2020-18886 | 1 Phpmywind | 1 Phpmywind | 2024-08-04 | 7.2 High |
| Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the component 'admin/upload_file_do.php'. | ||||
| CVE-2020-18704 | 1 Fusionbox | 1 Widgy | 2024-08-04 | 9.8 Critical |
| Unrestricted Upload of File with Dangerous Type in Django-Widgy v0.8.4 allows remote attackers to execute arbitrary code via the 'image' widget in the component 'Change Widgy Page'. | ||||
| CVE-2020-18462 | 1 Aikcms | 1 Aikcms | 2024-08-04 | 7.2 High |
| File Upload vulnerabilty in AikCms v2.0.0 in poster_edit.php because the background file management office does not verify the uploaded file. | ||||