CVE-2020-27386
A vulnerability (CVE-2020-27386) in FlexDotnetCMS prior to 1.5.9 allows an authenticated attacker to upload arbitrary files via the FileManager: upload a safe file (e.g., TXT), rename it to an executable extension (e.g., ASP) using FileEditor or the FileManager rename, and execute it via HTTP GET. Impa...
CVE-2020-27385
FlexDotnetCMS contains an Incorrect Access Control vulnerability in the FileEditor (/Admin/Views/FileEditor/) affecting versions before 1.5.11. An authenticated remote attacker can read and write to existing files outside the web root. The issue is exposed via directory traversal (e.g., ............