An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote attacker to upload PHP code through a zip file by uploading a theme, and executing the PHP file via an HTTP GET request to /themes/<php_file_name>
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-11-16T20:42:22
Updated: 2024-08-04T16:40:59.777Z
Reserved: 2020-11-16T00:00:00
Link: CVE-2020-28693
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-11-16T21:15:13.690
Modified: 2020-11-30T21:09:35.957
Link: CVE-2020-28693
Redhat
No data.