Filtered by CWE-434
Total 2503 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-11476 1 Concretecms 1 Concrete Cms 2024-08-04 7.2 High
Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangerous Type such as a .phar file.
CVE-2020-11108 1 Pi-hole 1 Pi-hole 2024-08-04 8.8 High
The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. (Also, it can be used in conjunction with the sudo rule for the www-data user to escalate privileges to root.) The code error is in gravity_DownloadBlocklistFromUrl in gravity.sh.
CVE-2020-11011 1 Phproject 1 Phproject 2024-08-04 9.9 Critical
In Phproject before version 1.7.8, there's a vulnerability which allows users with access to file uploads to execute arbitrary code. This is patched in version 1.7.8.
CVE-2020-10963 1 Frozennode 1 Laravel-administrator 2024-08-04 7.2 High
FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted file upload (and consequently Remote Code Execution) via admin/tips_image/image/file_upload image upload with PHP content within a GIF image that has the .php extension. NOTE: this product is discontinued.
CVE-2020-10964 2 Microsoft, S9y 2 Windows, Serendipity 2024-08-04 9.8 Critical
Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename.
CVE-2020-10934 1 Acyba 1 Acymailing 2024-08-04 7.2 High
Acyba AcyMailing before 6.9.2 mishandles file uploads by admins.
CVE-2020-9320 1 Avira 8 Anti-malware Sdk, Antivirus Server, Avira Antivirus For Endpoint and 5 more 2024-08-04 5.5 Medium
Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a crafted ISO archive. This affects versions before 8.3.54.138 of Antivirus for Endpoint, Antivirus for Small Business, Exchange Security (Gateway), Internet Security Suite for Windows, Prime, Free Security Suite for Windows, and Cross Platform Anti-malware SDK. NOTE: Vendor asserts that vulnerability does not exist in product.
CVE-2020-10569 1 Sysaid 1 On-premise 2024-08-04 9.8 Critical
SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack. Additionally, it allows unauthenticated access to upload files, which can be used to execute commands on the system by chaining it with a GhostCat attack. NOTE: This may be a duplicate of CVE-2020-1938.
CVE-2020-10806 1 Ez 2 Ez Publish-kernel, Ez Publish-legacy 2024-08-04 9.8 Critical
eZ Publish Kernel before 5.4.14.1, 6.x before 6.13.6.2, and 7.x before 7.5.6.2 and eZ Publish Legacy before 5.4.14.1, 2017 before 2017.12.7.2, and 2019 before 2019.03.4.2 allow remote attackers to execute arbitrary code by uploading PHP code, unless the vhost configuration permits only app.php execution.
CVE-2020-10682 1 Cmsmadesimple 1 Cms Made Simple 2024-08-04 7.8 High
The Filemanager in CMS Made Simple 2.2.13 allows remote code execution via a .php.jpegd JPEG file, as demonstrated by m1_files[] to admin/moduleinterface.php. The file should be sent as application/octet-stream and contain PHP code (it need not be a valid JPEG file).
CVE-2020-10621 1 Advantech 1 Webaccess/nms 2024-08-04 9.8 Critical
Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2).
CVE-2020-10562 1 Devome 1 Grr 2024-08-04 7.2 High
An issue was discovered in DEVOME GRR before 3.4.1c. admin_edit_room.php mishandles file uploads.
CVE-2020-10557 1 Atutor 1 Acontent 2024-08-04 8.8 High
An issue was discovered in AContent through 1.4. It allows the user to run commands on the server with a low-privileged account. The upload section in the file manager page contains an arbitrary file upload vulnerability via upload.php. The extension .php7 bypasses file upload restrictions.
CVE-2020-10386 1 Chadhaajay 1 Phpkb 2024-08-04 7.2 High
admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by uploading a .php file in the admin/js/ directory.
CVE-2020-10228 1 Vtenext 1 Vtenext 2024-08-04 8.8 High
A file upload vulnerability in vtecrm vtenext 19 CE allows authenticated users to upload files with a .pht extension, resulting in remote code execution.
CVE-2020-10224 1 Phpgurukul 1 Online Book Store 2024-08-04 9.8 Critical
An unauthenticated file upload vulnerability has been identified in admin_add.php in PHPGurukul Online Book Store 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution.
CVE-2020-10225 1 Phpgurukul 1 Job Portal 2024-08-04 9.8 Critical
An unauthenticated file upload vulnerability has been identified in admin/gallery.php in PHPGurukul Job Portal 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution.
CVE-2020-9472 1 Umbraco 1 Umbraco Cms 2024-08-04 6.5 Medium
Umbraco CMS 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Package functionality.
CVE-2020-9423 1 Logicaldoc 1 Logicaldoc 2024-08-04 9.8 Critical
LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary files, leading to command execution or retrieval of data from the database. LogicalDoc provides a functionality to add documents. Those documents could then be used for multiple tasks, such as version control, shared among users, applying tags, etc. This functionality could be abused by an unauthenticated attacker to upload an arbitrary file in a restricted folder. This would lead to the execution of malicious commands with root privileges.
CVE-2020-9471 1 Umbraco 1 Umbraco Cms 2024-08-04 8.8 High
Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequently Remote Code Execution) via the Install Packages functionality.