CVE-2020-36942

High CVSS: 8.7

Victor CMS 1.0 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the profile image upload feature. Attackers can upload a PHP shell to the /img directory and execute system commands by accessing the uploaded file via web browser.

Vendor

Victor Cms Project

Product

Victor Cms

CWE

CWE-434

Yayın Tarihi

2026-01-27 16:16:11

Güncelleme

2026-02-10 14:53:09

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-434 Victor Cms HIGH Victor Cms Project 2026

Referanslar

https://github.com/VictorAlagwu/CMSsite https://www.exploit-db.com/exploits/49310 https://www.vulncheck.com/advisories/victor-cms-file-upload-to-rce

Benzer Kayıtlar

High

CVE-2020-37076

Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote att…

Medium

CVE-2020-37072

Victor CMS 1.0 contains a stored cross-site scripting vulnerability in the 'comment_author' POST parameter that allows a…

High

CVE-2020-37073

Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with a…