Total: 3531 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-29592 | 1 Orchardproject | 1 Orchard | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Orchard before 1.10. A broken access control issue in Orchard components that use the TinyMCE HTML editor's file upload allows an attacker to upload dangerous executables that bypass the file types allowed (regardless of the file types allowed list in Media settings). | ||||
| CVE-2020-29450 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2024-11-21 | 6.5 Medium |
| Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the avatar upload feature. The affected versions are before version 7.2.0. | ||||
| CVE-2020-29447 | 1 Atlassian | 1 Crucible | 2024-11-21 | 4.3 Medium |
| Affected versions of Atlassian Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the file upload request feature of code reviews. The affected versions are before version 4.7.4, and from version 4.8.0 before 4.8.5. | ||||
| CVE-2020-29441 | 1 Outsystems | 1 Outsystems | 2024-11-21 | 7.2 High |
| An issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. An unauthenticated attacker can upload arbitrary files. In some cases, this attack may consume the available database space (Denial of Service), corrupt legitimate data if files are being processed asynchronously, or deny access to legitimate uploaded files. | ||||
| CVE-2020-29176 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | 7.8 High |
| An arbitrary file upload vulnerability in Z-BlogPHP v1.6.1.2100 allows attackers to execute arbitrary code via a crafted JPG file. | ||||
| CVE-2020-29032 | 1 Secomea | 2 Gatemanager 8250, Gatemanager 8250 Firmware | 2024-11-21 | 8.4 High |
| Upload of Code Without Integrity Check vulnerability in firmware archive of Secomea GateManager allows an authenticated attacker to execute malicious code on the server. This issue affects: Secomea GateManager all versions prior to 9.4.621054022. | ||||
| CVE-2020-28939 | 1 Openclinic Project | 1 Openclinic | 2024-11-21 | 7.2 High |
| OpenClinic version 0.8.2 is affected by a medical/test_new.php insecure file upload vulnerability. This vulnerability allows authenticated users (with substantial privileges) to upload malicious files, such as PHP web shells, which can lead to arbitrary code execution on the application server. | ||||
| CVE-2020-28871 | 1 Monitorr | 1 Monitorr | 2024-11-21 | 9.8 Critical |
| Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arbitrary code on the server-side via an insecure file upload. | ||||
| CVE-2020-28693 | 1 Horizontcms Project | 1 Horizontcms | 2024-11-21 | 8.8 High |
| An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote attacker to upload PHP code through a zip file by uploading a theme, and executing the PHP file via an HTTP GET request to /themes/<php_file_name> | ||||
| CVE-2020-28692 | 1 Gilacms | 1 Gila Cms | 2024-11-21 | 7.2 High |
| In Gila CMS 1.16.0, an attacker can upload a shell to the tmp directory and abuse .htaccess through the logs function for executing PHP files. | ||||
| CVE-2020-28688 | 1 Artworks Gallery In Php, Css, Javascript, And Mysql Project | 1 Artworks Gallery In Php, Css, Javascript, And Mysql | 2024-11-21 | 8.8 High |
| The add artwork functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files. | ||||
| CVE-2020-28687 | 1 Artworks Gallery In Php, Css, Javascript, And Mysql Project | 1 Artworks Gallery In Php, Css, Javascript, And Mysql | 2024-11-21 | 8.8 High |
| The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files. | ||||
| CVE-2020-28328 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 8.8 High |
| SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled .php file under the web root. | ||||
| CVE-2020-28173 | 1 Simple College Project | 1 Simple College | 2024-11-21 | 7.2 High |
| Simple College Website 1.0 allows a user to conduct remote code execution via /alumni/admin/ajax.php?action=save_settings when uploading a malicious file using the image upload functionality, which is stored in /alumni/admin/assets/uploads/. | ||||
| CVE-2020-28165 | 1 Easycorp | 1 Zentao | 2024-11-21 | 9.8 Critical |
| The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. An attacker can upload an arbitrary webshell to the server by using the downloadZipPackage() function. | ||||
| CVE-2020-28140 | 1 Online Clothing Store Project | 1 Online Clothing Store | 2024-11-21 | 9.8 Critical |
| SourceCodester Online Clothing Store 1.0 is affected by an arbitrary file upload via the image upload feature of Products.php. | ||||
| CVE-2020-28136 | 1 Phpgurukul | 1 Tourism Management System | 2024-11-21 | 8.8 High |
| An arbitrary file upload discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via the vulnerable admin/create-package.php page. | ||||
| CVE-2020-28130 | 1 Online Library Management System Project | 1 Online Library Management System | 2024-11-21 | 9.8 Critical |
| An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add because .php files can be uploaded to admin/borrower/photos (under the web root). | ||||
| CVE-2020-28088 | 1 Jeecg | 1 Jeecg Boot | 2024-11-21 | 9.8 Critical |
| An arbitrary file upload vulnerability in /jeecg-boot/sys/common/upload of jeecg-boot CMS 2.3 allows attackers to execute arbitrary code. | ||||
| CVE-2020-28072 | 1 Alumni Management System Project | 1 Alumni Management System | 2024-11-21 | 7.2 High |
| A Remote Code Execution vulnerability exists in SourceCodester Alumni Management System 1.0. An authenticated attacker can upload an arbitrary file in the gallery.php page and execute it on the server, achieving RCE. | ||||