Total
3530 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-10964 | 2 Microsoft, S9y | 2 Windows, Serendipity | 2024-11-21 | 9.8 Critical |
| Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the filename of a renamed file may end with a dot. This file may then be renamed to have a .php filename. | ||||
| CVE-2020-10963 | 1 Frozennode | 1 Laravel-administrator | 2024-11-21 | 7.2 High |
| FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted file upload (and consequently Remote Code Execution) via admin/tips_image/image/file_upload image upload with PHP content within a GIF image that has the .php extension. NOTE: this product is discontinued. | ||||
| CVE-2020-10934 | 1 Acyba | 1 Acymailing | 2024-11-21 | 7.2 High |
| Acyba AcyMailing before 6.9.2 mishandles file uploads by admins. | ||||
| CVE-2020-10806 | 1 Ez | 2 Ez Publish-kernel, Ez Publish-legacy | 2024-11-21 | 9.8 Critical |
| eZ Publish Kernel before 5.4.14.1, 6.x before 6.13.6.2, and 7.x before 7.5.6.2 and eZ Publish Legacy before 5.4.14.1, 2017 before 2017.12.7.2, and 2019 before 2019.03.4.2 allow remote attackers to execute arbitrary code by uploading PHP code, unless the vhost configuration permits only app.php execution. | ||||
| CVE-2020-10682 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 7.8 High |
| The Filemanager in CMS Made Simple 2.2.13 allows remote code execution via a .php.jpegd JPEG file, as demonstrated by m1_files[] to admin/moduleinterface.php. The file should be sent as application/octet-stream and contain PHP code (it need not be a valid JPEG file). | ||||
| CVE-2020-10621 | 1 Advantech | 1 Webaccess\/nms | 2024-11-21 | 9.8 Critical |
| Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions prior to 3.0.2). | ||||
| CVE-2020-10569 | 1 Sysaid | 1 On-premise | 2024-11-21 | 9.8 Critical |
| SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostCat attack. Additionally, it allows unauthenticated access to upload files, which can be used to execute commands on the system by chaining it with a GhostCat attack. NOTE: This may be a duplicate of CVE-2020-1938 | ||||
| CVE-2020-10562 | 1 Devome | 1 Grr | 2024-11-21 | 7.2 High |
| An issue was discovered in DEVOME GRR before 3.4.1c. admin_edit_room.php mishandles file uploads. | ||||
| CVE-2020-10557 | 1 Atutor | 1 Acontent | 2024-11-21 | 8.8 High |
| An issue was discovered in AContent through 1.4. It allows the user to run commands on the server with a low-privileged account. The upload section in the file manager page contains an arbitrary file upload vulnerability via upload.php. The extension .php7 bypasses file upload restrictions. | ||||
| CVE-2020-10507 | 1 The School Manage System Project | 1 The School Manage System | 2024-11-21 | 9.8 Critical |
| The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Unrestricted file upload (RCE) , that would allow attackers to gain access in the hosting machine. | ||||
| CVE-2020-10386 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 7.2 High |
| admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve Code Execution by uploading a .php file in the admin/js/ directory. | ||||
| CVE-2020-10228 | 1 Vtenext | 1 Vtenext | 2024-11-21 | 8.8 High |
| A file upload vulnerability in vtecrm vtenext 19 CE allows authenticated users to upload files with a .pht extension, resulting in remote code execution. | ||||
| CVE-2020-10225 | 1 Phpgurukul | 1 Job Portal | 2024-11-21 | 9.8 Critical |
| An unauthenticated file upload vulnerability has been identified in admin/gallery.php in PHPGurukul Job Portal 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution. | ||||
| CVE-2020-10224 | 1 Phpgurukul | 1 Online Book Store | 2024-11-21 | 9.8 Critical |
| An unauthenticated file upload vulnerability has been identified in admin_add.php in PHPGurukul Online Book Store 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution. | ||||
| CVE-2020-0974 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2024-11-21 | 8.8 High |
| A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971. | ||||
| CVE-2020-0971 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 8.8 High |
| A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0974. | ||||
| CVE-2020-0932 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 8.8 High |
| A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0971, CVE-2020-0974. | ||||
| CVE-2020-0931 | 1 Microsoft | 4 Business Productivity Servers, Sharepoint Enterprise Server, Sharepoint Foundation and 1 more | 2024-11-21 | 8.8 High |
| A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974. | ||||
| CVE-2020-0929 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 8.8 High |
| A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974. | ||||
| CVE-2020-0920 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 8.8 High |
| A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974. | ||||