Lucene search
MitreCVELIST:CVE-2021-28428HistoryApr 05, 2022 - 3:37 p.m.
CVE-2021-28428
2022-04-0515:37:31
mitre
www.cve.org
7
horizontcms
file upload
rce
cve-2021-28428
File upload vulnerability in HorizontCMS before 1.0.0-beta.3 via uploading a .htaccess and *.hello files using the Media Files upload functionality. The original file upload vulnerability (CVE-2020-27387) was remediated by restricting the PHP extensions; however, we confirmed that the filter was bypassed via uploading an arbitrary .htaccess and *.hello files in order to execute PHP code to gain RCE.
Related
nvd
nvd
CVE-2021-28428
2022-04-05 16:15:11
CVE-2020-27387
2020-11-05 02:15:12
osv
osv
CVE-2021-28428
2022-04-05 16:15:11
CVE-2020-27387
2020-11-05 02:15:12
prion
prion
Unrestricted file upload
2022-04-05 16:15:00
Unrestricted file upload
2020-11-05 02:15:00
cve
cve
CVE-2021-28428
2022-04-05 16:15:11
CVE-2020-27387
2020-11-05 02:15:12
metasploit
metasploit
HorizontCMS Arbitrary PHP File Upload
2020-11-02 18:01:13
packetstorm
packetstorm
HorizontCMS 1.0.0-beta Shell Upload
2020-11-13 00:00:00
cvelist
cvelist
CVE-2020-27387
2020-11-05 01:18:12
zdt
zdt
HorizontCMS 1.0.0-beta Shell Upload Exploit
2020-11-14 00:00:00
rapid7blog
rapid7blog
Metasploit Wrap-Up
2020-11-20 19:52:29