CVE-2020-37227
published 2026-05-16
Priority: P263, high, 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.54% (41.4th percentile)
HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. Attackers can intercept upload requests to the logoupload parameter in the admin interface and rename files to executable extensions .php to achieve remote code execution.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| heliossolutions | hs_brand_logo_slider | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 8.7 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
GHSA
GHSA-7487-8952-hmfc: HS Brand Logo Slider 2
ghsa_unreviewed·2026-05-16
CVE-2020-37227 [HIGH] CWE-434 GHSA-7487-8952-hmfc: HS Brand Logo Slider 2
HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. Attackers can intercept upload requests to the logoupload parameter in the admin interface and rename files to executable extensions .php to achieve remote code execution.
VulDB
Heliossolutions HS Brand Logo Slider 2.1 Admin Interface logoupload unrestricted upload (Exploit 48913)
vuldb·2026-05-16·CVSS 8.7
CVE-2020-37227 [HIGH] Heliossolutions HS Brand Logo Slider 2.1 Admin Interface logoupload unrestricted upload (Exploit 48913)
A vulnerability classified as critical was found in Heliossolutions HS Brand Logo Slider 2.1. Impacted is an unknown function of the component Admin Interface. Executing a manipulation of the argument logoupload can lead to unrestricted upload.
This vulnerability is handled as CVE-2020-37227. The attack can be executed remotely. Additionally, an exploit exists.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.