CVE-2021-28428
- EPSS 0.43%
- Published 05.04.2022 16:15:11
- Last modified 21.11.2024 05:59:39
File upload vulnerability in HorizontCMS before 1.0.0-beta.3 via uploading a .htaccess and *.hello files using the Media Files upload functionality. The original file upload vulnerability (CVE-2020-27387) was remediated by restricting the PHP extensi...
CVE-2022-25104
- EPSS 0.27%
- Published 24.02.2022 15:15:30
- Last modified 21.11.2024 06:51:39
HorizontCMS v1.0.0-beta.2 was discovered to contain an arbitrary file download vulnerability via the component /admin/file-manager/.
- EPSS 2.26%
- Published 16.11.2020 21:15:13
- Last modified 21.11.2024 05:23:07
An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote attacker to upload PHP code through a zip file by uploading a theme, and executing the PHP file via an HTTP GET request to /themes/<php_file_name>
CVE-2020-27387
- EPSS 70.32%
- Published 05.11.2020 02:15:12
- Last modified 21.11.2024 05:21:08
An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker (with access to the FileManager) to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManager's rename ...