Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9
CVSSv2

CVE-2020-28693

Published: 16/11/2020 Updated: 30/11/2020
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 801
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote malicious user to upload PHP code through a zip file by uploading a theme, and executing the PHP file via an HTTP GET request to /themes/<php_file_name>

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

horizontcms project horizontcms 1.0.0

Github Repositories

https://github.com/jkana/HorizontCMS-1.0.0-beta-shell-upload

HorizontCMS-100-beta-shell-upload (CVE-2020-28693) Author: jkana The vulnerable is in Theme upload function 1Login as administrator or any users could change themes 2Create a zip file which have php shell inside For example shellzip with shellphp inside 2Access to IP/admin/theme/index For example: 1921681067:81/hcms/admin/theme/index 3Upload shel

References

CWE-434https://github.com/ttimot24/HorizontCMS/issues/21https://github.com/jkana/HorizontCMS-1.0.0-beta-shell-uploadhttps://nvd.nist.govhttps://github.com/jkana/HorizontCMS-1.0.0-beta-shell-upload
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
injectCVE-2024-34001CVE-2024-37018LFICVE-2024-1275CVE-2024-1086CSRFCVE-2024-31030CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook