Total: 2654 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-23829 | 1 Librehealth | 1 Librehealth Ehr | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image. | |||||
CVE-2020-23828 | 1 Online Course Registration Project | 1 Online Course Registration | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A File Upload vulnerability in SourceCodester Online Course Registration v1.0 allows remote attackers to achieve Remote Code Execution (RCE) on the hosting webserver by uploading a crafted PHP web-shell that bypasses the image upload filters. An attack uses /Online%20Course%20Registration/my-profile.php with the POST parameter photo. | |||||
CVE-2020-23790 | 1 Uxper | 1 Golo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An Arbitrary File Upload vulnerability was discovered in the Golo Laravel theme v 1.1.5. | |||||
CVE-2020-23765 | 1 Bludit | 1 Bludit | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0. If an attacker is able to gain Administrator rights they will be able to use unsafe plugins to upload a backup file and control the server. | |||||
CVE-2020-23591 | 1 Optilinknetwork | 2 Op-xt71000n, Op-xt71000n Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
A vulnerability in OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP_V3.3.1-191028 allows an attacker to upload arbitrary files through "/mgm_dev_upgrade.asp", which can be used to delete every file for Denial of Service (using 'rm -rf *.*' in the code), obtain a reverse connection (using an '.asp' webshell), or install a backdoor. | |||||
CVE-2020-23572 | 1 Beescms | 1 Beescms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
BEESCMS v4.0 was discovered to contain an arbitrary file upload vulnerability via the component /admin/upload.php. This vulnerability allows attackers to execute arbitrary code via a crafted image file. | |||||
CVE-2020-23564 | 1 Sem-cms | 1 Semcms | 2024-11-21 | N/A | 7.2 HIGH |
File Upload vulnerability in SEMCMS 3.9 allows remote attackers to run arbitrary code via SEMCMS_Upfile.php. | |||||
CVE-2020-23520 | 1 Txjia | 1 Imcat | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
imcat 5.2 allows an authenticated file upload and consequently remote code execution via the picture functionality. | |||||
CVE-2020-23138 | 1 Microweber | 1 Microweber | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An unrestricted file upload vulnerability was discovered in the Microweber 1.1.18 admin account page. An attacker can upload PHP code or a file with any extension (e.g. .exe) to the web server by providing image data and the image/jpeg content type with a .php extension. | |||||
CVE-2020-23083 | 1 Guojusoft | 1 Jeecg | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Unrestricted File Upload in JEECG v4.0 and earlier allows remote attackers to execute arbitrary code or gain privileges by uploading a crafted file to the component "jeecgFormDemoController.do?commonUpload". | |||||
CVE-2020-23043 | 1 Air Sender Project | 1 Air Sender | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Tran Tu Air Sender v1.0.2 was discovered to contain an arbitrary file upload vulnerability in the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted file. | |||||
CVE-2020-22755 | 1 Mingsoft | 1 Mcms | 2024-11-21 | N/A | 8.8 HIGH |
File upload vulnerability in MCMS 5.0 allows attackers to execute arbitrary code via a crafted thumbnail. A different vulnerability than CVE-2022-31943. | |||||
CVE-2020-22722 | 2 Microsoft, Rapidscada | 2 Windows, Rapid Scada | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege escalation vulnerability in the ScadaAgentSvc.exe executable file. An attacker can obtain admin privileges by placing a malicious .exe file in the application and renaming it ScadaAgentSvc.exe, which results in the binary being executed as NT AUTHORITY\SYSTEM on a Windows operating system. For example, an attacker can plant a reverse shell from a low-privileged user account; when the computer is restarted, the malicious service is started as NT AUTHORITY\SYSTEM, giving the attacker full system access to the remote PC. | |||||
CVE-2020-22721 | 1 Pnotes.net Project | 1 Pnotes.net | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
A File Upload Vulnerability in PNotes - Andrey Gruber PNotes.NET v3.8.1.2 allows a local attacker to execute arbitrary code via Miscellaneous > External Programs by uploading a malicious .exe file to the external program. | |||||
CVE-2020-22643 | 1 Feehi | 1 Feehi Cms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
Feehi CMS 2.1.0 is affected by an arbitrary file upload vulnerability, potentially resulting in remote code execution. After an administrator logs in, open the administrator image upload page to potentially upload malicious files. | |||||
CVE-2020-22539 | | | 2024-11-21 | N/A | 7.2 HIGH |
An arbitrary file upload vulnerability in the Add Category function of Codoforum v4.9 allows attackers to execute arbitrary code via uploading a crafted file. | |||||
CVE-2020-22249 | 1 Phplist | 1 Phplist | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Remote Code Execution vulnerability in phplist 3.5.1. The application does not check the extensions of files stored in the plugin zip file. When a malicious plugin is uploaded, the PHP files it contains, with extensions like PHP, phtml, php7, are copied to the plugins directory, which leads to remote code execution. | |||||
CVE-2020-22159 | 1 Evertz | 6 3080ipx, 3080ipx Firmware, 7801fc and 3 more | 2024-11-21 | N/A | 8.8 HIGH |
EVERTZ devices 3080IPX exe-guest-v1.2-r26125, 7801FC 1.3 Build 27, and 7890IXG V494 are vulnerable to Arbitrary File Upload, allowing an authenticated attacker to upload a webshell or overwrite any critical system files. | |||||
CVE-2020-22153 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | N/A | 9.8 CRITICAL |
File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted .php file to the upload parameter in the navigation function. | |||||
CVE-2020-21976 | 1 Newsone Cms Project | 1 Newsone Cms | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
An arbitrary file upload in the <input type="file" name="user_image"> component of NewsOne CMS v1.1.0 allows attackers to upload a webshell and execute arbitrary commands. |