CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Prion•added 2021/08/27 9:15 p.m.•15 views

Design/Logic Flaw

An arbitrary file upload vulnerability in the /uploads/dede component of DedeCMS V5.7SP2 allows attackers to upload a webshell in HTM format...

7.5CVSS9.3AI score0.01137EPSS

CVE•added 2021/08/27 8:30 p.m.•57 views

CVE-2020-18114

CVE-2020-18114 affects DedeCMS V5.7SP2, with an arbitrary file upload vulnerability in the /uploads/dede component that allows uploading a webshell in HTM format. This enables remote code execution via a crafted HTM upload, per the description in the CVE entry. Connected sources corroborate the s...

9.8CVSS9.3AI score0.01137EPSS

CNNVD•added 2021/08/27 12:0 a.m.•2 views

Desdev DedeCMS 代码问题漏洞

Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system CMS of China Zhuozhuo network Desdev company. The system has content publishing , content management , content editing and content retrieval functions. A security vulnerability exists in th...

9.8CVSS8.2AI score0.01137EPSS

CNNVD•added 2021/08/20 12:0 a.m.•4 views

NetModule Router Software 日志信息泄露漏洞

NetModule Router Software is a router for NetModule. A security vulnerability exists in NetModule Router Software due to the interface support for an optional "CLI-PHP" feature, which is essentially a PHP webshell that requires The vulnerability stems from the interface supporting an optional...

8.8CVSS7.9AI score0.00615EPSS

Exploits3References4

OSV•added 2021/08/12 12:15 p.m.•0 views

CVE-2020-28165

The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. An attacker can upload arbitrary webshell to the server by using the downloadZipPackage function...

9.8CVSS7.4AI score

NVD•added 2021/08/12 12:15 p.m.•11 views

CVE-2020-28165

The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. An attacker can upload arbitrary webshell to the server by using the downloadZipPackage function...

9.8CVSS0.00596EPSS

Prion•added 2021/08/12 12:15 p.m.•11 views

Privilege escalation

The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. An attacker can upload arbitrary webshell to the server by using the downloadZipPackage function...

7.5CVSS9.5AI score0.00596EPSS

Exploits0References1Affected Software1

CVE•added 2021/08/12 11:1 a.m.•52 views

CVE-2020-28165

CVE-2020-28165 affects EasyCorp ZenTao PMS 12.4.2 with an arbitrary file upload vulnerability exposed through the downloadZipPackage() function, allowing upload of arbitrary webshells to the server. Connected sources corroborate the vulnerability description; no additional exploit details, affect...

9.8CVSS9.4AI score0.00596EPSS

Exploits0References1Affected Software1

Cvelist•added 2021/08/12 11:1 a.m.•15 views

CVE-2020-28165

The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. An attacker can upload arbitrary webshell to the server by using the downloadZipPackage function...

9.6AI score0.00596EPSS

OSV•added 2021/08/11 6:15 p.m.•1 views

CVE-2020-21976

An arbitrary file upload in the component of NewsOne CMS v1.1.0 allows attackers to webshell and execute arbitrary commands...

8.8CVSS7.5AI score

NVD•added 2021/08/11 6:15 p.m.•8 views

CVE-2020-21976

An arbitrary file upload in the component of NewsOne CMS v1.1.0 allows attackers to webshell and execute arbitrary commands...

9CVSS0.00831EPSS

Prion•added 2021/08/11 6:15 p.m.•12 views

Design/Logic Flaw

An arbitrary file upload in the component of NewsOne CMS v1.1.0 allows attackers to webshell and execute arbitrary commands...

9CVSS8.8AI score0.00831EPSS

Cvelist•added 2021/08/11 5:41 p.m.•18 views

CVE-2020-21976

An arbitrary file upload in the component of NewsOne CMS v1.1.0 allows attackers to webshell and execute arbitrary commands...

8.9AI score0.00831EPSS

CVE•added 2021/08/11 5:41 p.m.•155 views

CVE-2020-21976

CVE-2020-21976 affects NewsOne CMS v1.1.0 via an arbitrary file upload in the field. Root cause is an unrestricted file upload, enabling attackers to webshell and execute arbitrary commands. CVSSv3.1 base score 8.8 (HIGH) with NETWORK attack vector and LOW access complexity; high impact to confi...

9CVSS8.8AI score0.00831EPSS

CNNVD•added 2021/08/11 12:0 a.m.•2 views

NewsOne CMS 代码问题漏洞

NewsOne CMS is a web-based news, magazine script. It is possible to develop your own media/news website. A security vulnerability exists in NewsOne CMS version 1.1.0, which originates from an arbitrary file upload vulnerability in the component of the software, which allows an attacker to use a...

9CVSS8.2AI score0.00831EPSS

Exploits1References2

GithubExploit•added 2021/08/05 6:48 p.m.•97 views

Exploit for SQL Injection in Agentejo Cockpit

Cockpit CMS NoSQL Injection to Remote Code Execution : CVE-202...

9.8CVSS9.9AI score0.93926EPSS

Exploits10

NVD•added 2021/08/03 10:15 p.m.•8 views

CVE-2020-19302

An arbitrary file upload vulnerability in the avatar upload function of vaeThink v1.0.1 allows attackers to open a webshell via changing uploaded file suffixes to ".php"...

9.8CVSS0.00614EPSS

OSV•added 2021/08/03 10:15 p.m.•11 views

CVE-2020-19302

An arbitrary file upload vulnerability in the avatar upload function of vaeThink v1.0.1 allows attackers to open a webshell via changing uploaded file suffixes to ".php"...

9.8CVSS6.9AI score

Prion•added 2021/08/03 10:15 p.m.•8 views

Design/Logic Flaw

An arbitrary file upload vulnerability in the avatar upload function of vaeThink v1.0.1 allows attackers to open a webshell via changing uploaded file suffixes to ".php"...

7.5CVSS9.3AI score0.00614EPSS