2 matches found
CVE-2020-28693
An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote attacker to upload PHP code through a zip file by uploading a theme, and executing the PHP file via an HTTP GET request to /themes/...
CVE-2020-28693
CVE-2020-28693 concerns HorizontCMS 1.0.0-beta where an authenticated user can upload a ZIP theme containing PHP code, enabling unrestricted file upload. The attacker can subsequently trigger execution by issuing an HTTP GET to /themes/, potentially compromising server-side code. The sources desc...