CVE-2020-37073

High CVSS: 8.6

Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the user_image parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file with a 'cmd' parameter.

Vendor

Victor Cms Project

Product

Victor Cms

CWE

CWE-434

Yayın Tarihi

2026-02-03 22:16:22

Güncelleme

2026-02-10 14:52:48

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-434 Victor Cms HIGH Victor Cms Project 2026

Referanslar

https://github.com/VictorAlagwu/CMSsite https://www.exploit-db.com/exploits/48490 https://www.vulncheck.com/advisories/victor-cms-authenticated-arbitrary-file-upload

Benzer Kayıtlar

High

CVE-2020-37076

Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote att…

Medium

CVE-2020-37072

Victor CMS 1.0 contains a stored cross-site scripting vulnerability in the 'comment_author' POST parameter that allows a…

High

CVE-2020-36942

Victor CMS 1.0 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files throug…