Horizontcms Project / Horizontcms

4 matches found

CVE
added 2022/04/05 3:37 p.m., 100 views

CVE-2021-28428

CVE-2021-28428 affects HorizontCMS up to version 1.0.0-beta.3. The vulnerability lies in the Media Files upload functionality, where an attacker can bypass a prior filter that restricted PHP extensions and upload arbitrary ".htaccess" and "*.hello" files to achieve remote code execution. The orig...

CVSS 9.8, AI score 8.9, EPSS 0.01195
CVE
added 2020/11/05 1:18 a.m., 89 views

CVE-2020-27387

HorizontCMS 1.0.0-beta is affected by an unrestricted PHP file upload vulnerability in the FileManager. An authenticated user can upload a PHP payload via /admin/file-manager/fileupload, get it renamed to a random name with a .php extension, and then trigger execution by accessing /storage/. This...

CVSS 8.8, AI score 9.3, EPSS 0.18461
In wild, Web
CVE
added 2022/02/23 9:11 p.m., 88 views

CVE-2022-25104

CVE-2022-25104 affects HorizontCMS v1.0.0-beta.2, where an arbitrary file download vulnerability exists via the /admin/file-manager/ component. The available sources consistently describe the issue as an arbitrary file download, but do not provide concrete details on the exact root cause, impacte...

CVSS 7.5, AI score 7.6, EPSS 0.01117
CVE
added 2020/11/16 8:42 p.m., 45 views

CVE-2020-28693

CVE-2020-28693 concerns HorizontCMS 1.0.0-beta where an authenticated user can upload a ZIP theme containing PHP code, enabling unrestricted file upload. The attacker can subsequently trigger execution by issuing an HTTP GET to /themes/, potentially compromising server-side code. The sources desc...

CVSS 9, AI score 8.7, EPSS 0.02498
Web