CVE-2020-28693

2020-11-1621:15:13

Google

osv.dev

7.3 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

66.1%

JSON

An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote attacker to upload PHP code through a zip file by uploading a theme, and executing the PHP file via an HTTP GET request to /themes/<php_file_name>

CPENameOperatorVersion
horizontcmseq1.0.0-beta
horizontcmseq1.0.0-alpha.2
horizontcmseq1.0.0-alpha.7
horizontcmseq1.0.0-alpha.4
horizontcmseq1.0.0-alpha.3
horizontcmseq1.0.0-alpha
horizontcmseq1.0.0-alpha.8
horizontcmseq1.0.0-alpha.6
horizontcmseq1.0.0-alpha.5

Name	Operator	Version
horizontcms	eq	1.0.0-beta
horizontcms	eq	1.0.0-alpha.2
horizontcms	eq	1.0.0-alpha.7
horizontcms	eq	1.0.0-alpha.4
horizontcms	eq	1.0.0-alpha.3
horizontcms	eq	1.0.0-alpha
horizontcms	eq	1.0.0-alpha.8
horizontcms	eq	1.0.0-alpha.6
horizontcms	eq	1.0.0-alpha.5