Total
6555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-19279 | 1 Wide Project | 1 Wide | 2024-11-21 | N/A | 9.8 CRITICAL |
| Directory Traversal vulnerability found in B3log Wide allows a an attacker to escalate privileges via symbolic links. | |||||
| CVE-2020-19154 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'FileManager.editFile()' function in the component 'modules/filemanager/FileManagerController.java'. | |||||
| CVE-2020-19150 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information or cause a denial of service via the 'FileManager.delete()' function in the component 'modules/filemanager/FileManagerController.java'. | |||||
| CVE-2020-19147 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive infromation via the 'getFolder()' function in the component '/modules/filemanager/FileManager.java'. | |||||
| CVE-2020-19146 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information via the 'TemplatePath' parameter in the component 'jfinal_cms/admin/folder/list'. | |||||
| CVE-2020-18878 | 1 Skycaiji | 1 Skycaiji | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory Traversal in Skycaiji v1.3 allows remote attackers to obtain sensitive information via the component 'index.php?m=admin&c=Tool&a=log&file=D%3A%5CphpStudy%5CWWW%5Cindex.php'. | |||||
| CVE-2020-18665 | 1 Webport | 1 Web Port | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory Traversal vulnerability in WebPort <=1.19.1 in tags of system settings. | |||||
| CVE-2020-18438 | 1 Phpok | 1 Phpok | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal vulnerability in qinggan phpok 5.1, allows attackers to disclose sensitive information, via the title parameter to admin.php. | |||||
| CVE-2020-18331 | 1 Chinamobileltd | 2 Gpn2.4p21-c-cn, Gpn2.4p21-c-cn Firmware | 2024-11-21 | N/A | 9.1 CRITICAL |
| Directory traversal vulnerability in ChinaMobile PLC Wireless Router model GPN2.4P21-C-CN running the firmware version W2000EN-01(hardware platform Gpn2.4P21-C_WIFI-V0.05), via the getpage parameter to /cgi-bin/webproc. | |||||
| CVE-2020-18330 | 1 Chinamobileltd | 2 Gpn2.4p21-c-cn, Gpn2.4p21-c-cn Firmware | 2024-11-21 | N/A | 9.1 CRITICAL |
| An issue was discovered in the default configuration of ChinaMobile PLC Wireless Router model GPN2.4P21-C-CN running the firmware version W2000EN-01(hardware platform Gpn2.4P21-C_WIFI-V0.05), allows attackers to gain access to the configuration interface. | |||||
| CVE-2020-18191 | 1 Get-simple | 1 Getsimplecms | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| GetSimpleCMS-3.3.15 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /GetSimpleCMS-3.3.15/admin/log.php | |||||
| CVE-2020-18190 | 1 Bludit | 1 Bludit | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Bludit v3.8.1 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /admin/ajax/upload-profile-picture. | |||||
| CVE-2020-18178 | 1 Hongcms Project | 1 Hongcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Path Traversal in HongCMS v4.0.0 allows remote attackers to view, edit, and delete arbitrary files via a crafted POST request to the component "/hcms/admin/index.php/language/ajax." | |||||
| CVE-2020-18127 | 1 Indexhibit | 1 Indexhibit | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue in the /config/config.php component of Indexhibit 2.1.5 allows attackers to arbitrarily view files. | |||||
| CVE-2020-18070 | 1 Idreamsoft | 1 Icms | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the "do_del()" method of the component "database.admincp.php". | |||||
| CVE-2020-17564 | 1 Feifeicms | 1 Feifeicms | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arbitrary files by sending a crafted HTTP request to the " Admin/DataAction.class.php" component. | |||||
| CVE-2020-17563 | 1 Feifeicms | 1 Feifeicms | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arbitrary files by sending a crafted HTTP request to " /index.php?s=/admin-tpl-del&id=". | |||||
| CVE-2020-17518 | 1 Apache | 1 Flink | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Apache Flink 1.5.1 introduced a REST handler that allows you to write an uploaded file to an arbitrary location on the local file system, through a maliciously modified HTTP HEADER. The files can be written to any location accessible by Flink 1.5.1. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit a5264a6f41524afe8ceadf1d8ddc8c80f323ebc4 from apache/flink:master. | |||||
| CVE-2020-17389 | 1 Marvell | 1 Qconvergeconsole | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the decryptFile method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10502. | |||||
| CVE-2020-17387 | 1 Marvell | 1 Qconvergeconsole | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the writeObjectToConfigFile method of the GWTTestServiceImpl class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-10565. | |||||