Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2020-27386

🗓️ 12 Nov 2020 18:15:14Reported by mitreType 
cve
 cve🔗 web.nvd.nist.gov👁 126 Views🌐 WEB

An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows authenticated remote attackers to upload and execute arbitrary files

Related
Detection
Refs
Paths
ReporterTitlePublishedViews
Family
Circl		CVE-2020-27386
12 Nov 202022:32
circl
Cvelist		CVE-2020-27386
12 Nov 202018:15
cvelist
Metasploit		FlexDotnetCMS Arbitrary ASP File Upload
8 Dec 202017:41
metasploit
NVD		CVE-2020-27386
12 Nov 202019:15
nvd
Packet Storm		FlexDotnetCMS 1.5.8 Arbitrary ASP File Upload
8 Dec 202000:00
packetstorm
Prion		Unrestricted file upload
12 Nov 202019:15
prion
Positive Technologies		PT-2020-16679 · Flexdotnetcms · Flexdotnetcms
12 Nov 202000:00
ptsecurity
Rapid7 Blog		Metasploit Wrap-Up
11 Dec 202017:09
rapid7blog
RedhatCVE		CVE-2020-27386
22 May 202517:01
redhatcve
NVD
Node
flexdotnetcms_projectflexdotnetcmsRange<1.5.9
ParameterPositionPathDescriptionCWE
LoginControl$Usernamerequest body/login/Authentication to FlexDotnetCMS is performed via POST to /login using user credentials.CWE-434
LoginControl$Passwordrequest body/login/Authentication to FlexDotnetCMS is performed via POST to /login using user credentials.CWE-434
cmdquery param/Scripts/tinyfilemanager.net/dialog.aspxUpload of test file via tinyfilemanager dialog endpoint (cmd=upload).CWE-434
__EVENTTARGETrequest body/Admin/Views/PageHandlers/FileEditor/Default.aspxRename uploaded TXT to ASP using the file editor (requires tokens from the page).CWE-434
__VIEWSTATEKEYrequest body/Admin/Views/PageHandlers/FileEditor/Default.aspxRename uploaded TXT to ASP using the file editor (requires tokens from the page).CWE-434
__EVENTVALIDATIONrequest body/Admin/Views/PageHandlers/FileEditor/Default.aspxRename uploaded TXT to ASP using the file editor (requires tokens from the page).CWE-434
ctl00$ContentPlaceHolder1$FileSelector$SelectedFilerequest body/Admin/Views/PageHandlers/FileEditor/Default.aspxRename uploaded TXT to ASP using the file editor (requires tokens from the page).CWE-434
ctl00$ContentPlaceHolder1$Editorrequest body/Admin/Views/PageHandlers/FileEditor/Default.aspxRename uploaded TXT to ASP using the file editor (requires tokens from the page).CWE-434

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
17 Jun 2026 03:09Current
8.8High risk
Vulners AI Score8.8
CVSS 26.5
CVSS 3.18.8
EPSS0.72872
CWE-434
flexdotnetcmsfile uploadsecurity vulnerabilitycve-2020-27386remote attack
126