Articlecms Security Vulnerabilities - CVSS Score 9 - 10

CVE-2020-20092

File Upload vulnerability exists in ArticleCMS 1.0 via the image upload feature at /admin by changing the Content-Type to image/jpeg and placing PHP code after the JPEG data, which could let a remote malicious user execute arbitrary PHP code.

CVE-2020-28063

A file upload issue exists in all versions of ArticleCMS which allows malicious users to getshell.