Total: 2503 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-19028 | 1 Emlog | 1 Emlog | 2024-08-04 | 7.5 High |
File Upload vulnerability found in Emlog EmlogCMS v.6.0.0 allows a remote attacker to gain access to sensitive information via the /admin/plugin.php function. | ||||
CVE-2020-18879 | 1 Bludit | 1 Bludit | 2024-08-04 | 9.8 Critical |
Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via the component 'bl-kereln/ajax/upload-logo.php'. | ||||
CVE-2020-18886 | 1 Phpmywind | 1 Phpmywind | 2024-08-04 | 7.2 High |
Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the component 'admin/upload_file_do.php'. | ||||
CVE-2020-18704 | 1 Fusionbox | 1 Widgy | 2024-08-04 | 9.8 Critical |
Unrestricted Upload of File with Dangerous Type in Django-Widgy v0.8.4 allows remote attackers to execute arbitrary code via the 'image' widget in the component 'Change Widgy Page'. | ||||
CVE-2020-18462 | 1 Aikcms | 1 Aikcms | 2024-08-04 | 7.2 High |
File Upload vulnerability in AikCms v2.0.0 in poster_edit.php because the background file management office does not verify the uploaded file. | ||||
CVE-2020-18432 | 1 Sem-cms | 1 Semcms | 2024-08-04 | 9.8 Critical |
File Upload vulnerability in SEMCMS PHP 3.7 allows remote attackers to upload arbitrary files and gain escalated privileges. | ||||
CVE-2020-18261 | 1 Ed01-cms Project | 1 Ed01-cms | 2024-08-04 | 9.8 Critical |
An arbitrary file upload vulnerability in the image upload function of ED01-CMS v1.0 allows attackers to execute arbitrary commands. | ||||
CVE-2020-18166 | 1 Laobancms | 1 Laobancms | 2024-08-04 | 9.8 Critical |
Unrestricted File Upload in LAOBANCMS v2.0 allows remote attackers to upload arbitrary files by attaching a file with a ".jpg.php" extension to the component "admin/wenjian.php?wj=../templets/pc". | ||||
CVE-2020-18114 | 1 Dedecms | 1 Dedecms | 2024-08-04 | 9.8 Critical |
An arbitrary file upload vulnerability in the /uploads/dede component of DedeCMS V5.7SP2 allows attackers to upload a webshell in HTM format. | ||||
CVE-2020-17462 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-08-04 | 7.8 High |
CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload because the File Manager does not block .ptar files, a related issue to CVE-2017-16798. | ||||
CVE-2020-17452 | 1 Flatcore | 1 Flatcore | 2024-08-04 | 7.2 High |
flatCore before 1.5.7 allows upload and execution of a .php file by an admin. | ||||
CVE-2020-15839 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-08-04 | 6.5 Medium |
Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix pack 18 and 7.2 before fix pack 6, does not restrict the size of a multipart/form-data POST action, which allows remote authenticated users to conduct denial-of-service attacks by uploading large files. | ||||
CVE-2020-15649 | 2 Google, Mozilla | 2 Android, Firefox Esr | 2024-08-04 | 5.5 Medium |
Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actual files picked. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox ESR < 68.11. | ||||
CVE-2020-15645 | 1 Marvell | 1 Qconvergeconsole | 2024-08-04 | 8.8 High |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the getFileFromURL method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10553. | ||||
CVE-2020-15488 | 1 Re-desk | 1 Re\ | 2024-08-04 | 7.5 High |
Re:Desk 2.3 allows insecure file upload. | ||||
CVE-2020-15277 | 1 Basercms | 1 Basercms | 2024-08-04 | 7.2 High |
baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE). Code may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The Edit template component is vulnerable. The issue is fixed in version 4.4.1. | ||||
CVE-2020-15189 | 1 Brassica | 1 Soy Cms | 2024-08-04 | 6.8 Medium |
SOY CMS 3.0.2 and earlier is affected by Remote Code Execution (RCE) using Unrestricted File Upload. Cross-Site Scripting (XSS) vulnerability that was used in CVE-2020-15183 can be used to increase impact by redirecting the administrator to access a specially crafted page. This vulnerability is caused by insecure configuration in elFinder. This is fixed in version 3.0.2.328. | ||||
CVE-2020-14209 | 1 Dolibarr | 1 Dolibarr | 2024-08-04 | 8.8 High |
Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht and .phar files can be uploaded. Also, a .htaccess file can be uploaded to reconfigure access control (e.g., to let .noexe files be executed as PHP code to defeat the .noexe protection mechanism). | ||||
CVE-2020-14022 | 1 Ozeki | 1 Ozeki Ng Sms Gateway | 2024-08-04 | 8.8 High |
Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file type when bulk importing new contacts ("Import Contacts" functionality) from a file. It is possible to upload an executable or .bat file that can be executed with the help of a functionality (e.g. the "Application Starter" module) within the application. | ||||
CVE-2020-14067 | 1 Naviwebs | 1 Navigatecms | 2024-08-04 | 9.8 Critical |
The install_from_hash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in check_upload in lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php. |