Flexdotnetcms Project Flexdotnetcms vulnerabilities
2 known vulnerabilities affecting flexdotnetcms_project/flexdotnetcms.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH2
Vulnerabilities
Page 1 of 1
CVE-2020-27386P2HIGHCVSS 8.8PoCfixed in 1.5.92020-11-12
CVE-2020-27386 [HIGH] CWE-434 CVE-2020-27386: An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote atta
An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code (e.g., ASP code) in the form of a safe file type (e.g., a TXT file), and then using the FileEditor (in v1.5.8 and prior) or the FileManager's rename function (i
nvd
CVE-2020-27385P3HIGHCVSS 8.1fixed in 1.5.112020-11-12
CVE-2020-27385 [HIGH] CWE-22 CVE-2020-27385: Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/) in FlexDotnetCMS before v1.5.1
Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/) in FlexDotnetCMS before v1.5.11 allows an authenticated remote attacker to read and write to existing files outside the web root. The files can be accessed via directory traversal, i.e., by entering a .. (dot dot) path such as ..\..\..\..\..\ in the input field of the FileEditor. In
nvd