4 matches found
CVE-2020-20092
ArticleCMS 1.0 is vulnerable to a file-upload flaw in the image-upload feature at /admin. By spoofing Content-Type: image/jpeg and appending PHP code after the JPEG data, a remote attacker could execute arbitrary PHP code. This claim is consistent across multiple connected records (e.g., Red Hat,...
CVE-2018-19469
CVE-2018-19469 affects ArticleCMS (versions up to 2017-02-19). The issue is a reflected XSS in the update_personal_infomation path, exploitable via the realname or email parameters. Root cause is unsanitized input being reflected back to the page, enabling script execution in a user’s browser. Do...
CVE-2018-12339
CVE-2018-12339 describes a cross-site scripting vulnerability in ArticleCMS up to 2017-02-19, exploitable via an "add an article" action. The connected documents consistently identify this as an XSS flaw affecting ArticleCMS, with multiple sources corroborating the vulnerable action, including Red...
CVE-2020-28063
CVE-2020-28063 is a file upload vulnerability in ArticleCMS affecting all versions. The connected sources describe an unrestricted file upload flaw, enabling attackers to obtain a shell remotely. The issue is consistently characterized across multiple feeds (e.g., C...