Search Results (10205 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-24196 | 1 Online Bike Rental Project | 1 Online Bike Rental | 2024-11-21 | 7.2 High |
| An Arbitrary File Upload in Vehicle Image Upload in Online Bike Rental v1.0 allows an authenticated admin to conduct remote code execution. | ||||
| CVE-2020-24195 | 1 Online Bike Rental Project | 1 Online Bike Rental | 2024-11-21 | 9.1 Critical |
| An Arbitrary File Upload in the Upload Image component in Sourcecodester Online Bike Rental v1.0 allows an authenticated administrator to conduct remote code execution. | ||||
| CVE-2020-24186 | 1 Gvectors | 1 Wpdiscuz | 2024-11-21 | 10 Critical |
| A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action. | ||||
| CVE-2020-23829 | 1 Librehealth | 1 Librehealth Ehr | 2024-11-21 | 8.8 High |
| interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suffers from an authenticated file upload vulnerability, allowing remote attackers to achieve remote code execution (RCE) on the hosting webserver by uploading a maliciously crafted image. | ||||
| CVE-2020-23828 | 1 Online Course Registration Project | 1 Online Course Registration | 2024-11-21 | 9.8 Critical |
| A File Upload vulnerability in SourceCodester Online Course Registration v1.0 allows remote attackers to achieve Remote Code Execution (RCE) on the hosting webserver by uploading a crafted PHP web-shell that bypasses the image upload filters. An attack uses /Online%20Course%20Registration/my-profile.php with the POST parameter photo. | ||||
| CVE-2020-23653 | 1 Thinkadmin | 1 Thinkadmin | 2024-11-21 | 9.8 Critical |
| An insecure unserialize vulnerability was discovered in ThinkAdmin versions 4.x through 6.x in app/admin/controller/api/Update.php and app/wechat/controller/api/Push.php, which may lead to arbitrary remote code execution. | ||||
| CVE-2020-23580 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | 9.8 Critical |
| Remote Code Execution vulnerability in PbootCMS 2.0.8 in the message board. | ||||
| CVE-2020-23520 | 1 Txjia | 1 Imcat | 2024-11-21 | 7.2 High |
| imcat 5.2 allows an authenticated file upload and consequently remote code execution via the picture functionality. | ||||
| CVE-2020-23160 | 1 Pyres | 2 Termod4, Termod4 Firmware | 2024-11-21 | 8.8 High |
| Remote code execution in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to execute arbitrary commands as root on the devices. | ||||
| CVE-2020-22937 | 1 Phome | 1 Empirecms | 2024-11-21 | 9.8 Critical |
| A remote code execution (RCE) in e/install/index.php of EmpireCMS 7.5 allows attackers to execute arbitrary PHP code via writing malicious code to the install file. | ||||
| CVE-2020-22848 | 1 Chshcms | 1 Cscms | 2024-11-21 | 9.8 Critical |
| A remote code execution (RCE) vulnerability in the \Playsong.php component of cscms v4.1 allows attackers to execute arbitrary commands. | ||||
| CVE-2020-22643 | 1 Feehi | 1 Feehi Cms | 2024-11-21 | 7.2 High |
| Feehi CMS 2.1.0 is affected by an arbitrary file upload vulnerability, potentially resulting in remote code execution. After an administrator logs in, open the administrator image upload page to potentially upload malicious files. | ||||
| CVE-2020-22427 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 7.2 High |
| NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. An authenticated nagiosadmin user can inject additional commands into a request. NOTE: the vendor disputes whether the CVE and its references are actionable because all technical details are omitted, and the only option is to pay for a subscription service where technical details may be disclosed at an unspecified later time. | ||||
| CVE-2020-22249 | 1 Phplist | 1 Phplist | 2024-11-21 | 9.8 Critical |
| Remote Code Execution vulnerability in phplist 3.5.1. The application does not check the extensions of files stored in the plugin zip file. When a malicious plugin is uploaded, the PHP files it contains, with extensions like PHP, phtml, php7, are copied to the plugins directory, which would lead to remote code execution. | ||||
| CVE-2020-22120 | 1 Txjia | 1 Imcat | 2024-11-21 | 8.8 High |
| A remote code execution (RCE) vulnerability in /root/run/adm.php?admin-ediy&part=exdiy of imcat v5.1 allows authenticated attackers to execute arbitrary code. | ||||
| CVE-2020-22083 | 1 Jsonpickle Project | 1 Jsonpickle | 2024-11-21 | 9.8 Critical |
| jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode() function. Note: It has been argued that this is expected and clearly documented behaviour. pickle is known to be capable of causing arbitrary code execution, and must not be used with untrusted data. | ||||
| CVE-2020-21865 | 1 Thinkphp50-cms Project | 1 Thinkphp50-cms | 2024-11-21 | 9.8 Critical |
| ThinkPHP50-CMS v1.0 contains a remote code execution (RCE) vulnerability in the component /public/?s=captcha. | ||||
| CVE-2020-21652 | 1 Myucms Project | 1 Myucms | 2024-11-21 | 9.8 Critical |
| Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the addqq() method. | ||||
| CVE-2020-21651 | 1 Myucms Project | 1 Myucms | 2024-11-21 | 9.8 Critical |
| Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\point.php, which can be exploited via the add() method. | ||||
| CVE-2020-21650 | 1 Myucms Project | 1 Myucms | 2024-11-21 | 8.8 High |
| Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the add() method. | ||||