Total
3326 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-19672 | 1 Niushop | 1 Niushop | 2024-11-21 | 9.8 Critical |
| Niushop B2B2C Multi-business basic version V1.11, can bypass the administrator to obtain the background upload interface, through parameter upload, bypass the getimagesize function, upload php file, getshell. | ||||
| CVE-2020-19642 | 1 Insma | 2 Wifi Mini Spy 1080p Hd Security Ip Camera, Wifi Mini Spy 1080p Hd Security Ip Camera Firmware | 2024-11-21 | 6.2 Medium |
| An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. A local attacker can execute arbitrary code via editing the 'recdata.db' file to call a specially crafted GoAhead ASP-file on the SD card. | ||||
| CVE-2020-19510 | 2 Microsoft, Textpattern | 2 Windows, Textpattern | 2024-11-21 | 9.8 Critical |
| Textpattern 4.7.3 contains an aribtrary file load via the file_insert function in include/txp_file.php. | ||||
| CVE-2020-19364 | 1 Open-emr | 1 Openemr | 2024-11-21 | 8.8 High |
| OpenEMR 5.0.1 allows an authenticated attacker to upload and execute malicious PHP scripts through /controller.php. | ||||
| CVE-2020-19303 | 1 Houdunren | 1 Hdcms | 2024-11-21 | 7.8 High |
| An arbitrary file upload vulnerability in /fileupload.php of hdcms 5.7 allows attackers to execute arbitrary code via a crafted file. | ||||
| CVE-2020-19302 | 1 Vaethink | 1 Vaethink | 2024-11-21 | 9.8 Critical |
| An arbitrary file upload vulnerability in the avatar upload function of vaeThink v1.0.1 allows attackers to open a webshell via changing uploaded file suffixes to ".php". | ||||
| CVE-2020-19267 | 1 Dswjcms Project | 1 Dswjcms | 2024-11-21 | 9.8 Critical |
| An issue in index.php/Dswjcms/Basis/resources of Dswjcms 1.6.4 allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
| CVE-2020-19228 | 1 Bludit | 1 Bludit | 2024-11-21 | 7.2 High |
| An issue was found in bludit v3.13.0, unsafe implementation of the backup plugin allows attackers to upload arbitrary files. | ||||
| CVE-2020-19138 | 1 Dotcms | 1 Dotcms | 2024-11-21 | 9.8 Critical |
| Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allow remote attackers to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java". | ||||
| CVE-2020-19113 | 1 Projectworlds | 1 Online Book Store Project In Php | 2024-11-21 | 9.8 Critical |
| Arbitrary File Upload vulnerability in Online Book Store v1.0 in admin_add.php, which may lead to remote code execution. | ||||
| CVE-2020-18912 | 1 Earcms | 1 Ear | 2024-11-21 | 9.8 Critical |
| An issue found in Earcms Ear App v.20181124 allows a remote attacker to execute arbitrary code via the uload/index-uplog.php. | ||||
| CVE-2020-18886 | 1 Phpmywind | 1 Phpmywind | 2024-11-21 | 7.2 High |
| Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the component 'admin/upload_file_do.php'. | ||||
| CVE-2020-18879 | 1 Bludit | 1 Bludit | 2024-11-21 | 9.8 Critical |
| Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to execute arbitrary code by uploading malicious files via the component 'bl-kereln/ajax/upload-logo.php'. | ||||
| CVE-2020-18704 | 1 Fusionbox | 1 Widgy | 2024-11-21 | 9.8 Critical |
| Unrestricted Upload of File with Dangerous Type in Django-Widgy v0.8.4 allows remote attackers to execute arbitrary code via the 'image' widget in the component 'Change Widgy Page'. | ||||
| CVE-2020-18462 | 1 Aikcms | 1 Aikcms | 2024-11-21 | 7.2 High |
| File Upload vulnerabilty in AikCms v2.0.0 in poster_edit.php because the background file management office does not verify the uploaded file. | ||||
| CVE-2020-18261 | 1 Ed01-cms Project | 1 Ed01-cms | 2024-11-21 | 9.8 Critical |
| An arbitrary file upload vulnerability in the image upload function of ED01-CMS v1.0 allows attackers to execute arbitrary commands. | ||||
| CVE-2020-18166 | 1 Laobancms | 1 Laobancms | 2024-11-21 | 9.8 Critical |
| Unrestricted File Upload in LAOBANCMS v2.0 allows remote attackers to upload arbitrary files by attaching a file with a ".jpg.php" extension to the component "admin/wenjian.php?wj=../templets/pc". | ||||
| CVE-2020-18114 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 9.8 Critical |
| An arbitrary file upload vulnerability in the /uploads/dede component of DedeCMS V5.7SP2 allows attackers to upload a webshell in HTM format. | ||||
| CVE-2020-17462 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 7.8 High |
| CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload because the File Manager does not block .ptar files, a related issue to CVE-2017-16798. | ||||
| CVE-2020-17452 | 1 Flatcore | 1 Flatcore | 2024-11-21 | 7.2 High |
| flatCore before 1.5.7 allows upload and execution of a .php file by an admin. | ||||