Horizontcms Project Horizontcms vulnerabilities
4 known vulnerabilities affecting horizontcms_project/horizontcms.
Total CVEs: 4
CISA KEV: 0
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 1, HIGH 3
Vulnerabilities
CVE-2020-27387 | P1 | HIGH | CVSS 8.8 | Exploited | PoC | v1.0.0 | 2020-11-05 | CWE-434
An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker (with access to the FileManager) to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManager's rename function to provide the payload (which will receive a random name on the server) with the PHP extension
nvd
CVE-2020-28693 | P3 | HIGH | CVSS 8.8 | v1.0.0 | 2020-11-16 | CWE-434
An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote attacker to upload PHP code through a zip file by uploading a theme, and executing the PHP file via an HTTP GET request to /themes/
nvd
CVE-2021-28428 | P3 | CRITICAL | CVSS 9.8 | v1.0.0 | 2022-04-05
File upload vulnerability in HorizontCMS before 1.0.0-beta.3 via uploading a .htaccess and *.hello files using the Media Files upload functionality. The original file upload vulnerability (CVE-2020-27387) was remediated by restricting the PHP extensions; however, we confirmed that the filter was bypassed via uploading an arbitrary .htaccess and *.hello fi
nvd
CVE-2022-25104 | P3 | HIGH | CVSS 7.5 | v1.0.0 | 2022-02-24 | CWE-552
HorizontCMS v1.0.0-beta.2 was discovered to contain an arbitrary file download vulnerability via the component /admin/file-manager/.
nvd