Search Results (10684 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-28328 1 Salesagility 1 Suitecrm 2024-11-21 8.8 High
SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled .php file under the web root.
CVE-2020-28283 1 Libnested Project 1 Libnested 2024-11-21 9.8 Critical
Prototype pollution vulnerability in 'libnested' versions 0.0.0 through 1.5.0 allows an attacker to cause a denial of service and may lead to remote code execution.
CVE-2020-28282 1 Getobject Project 1 Getobject 2024-11-21 9.8 Critical
Prototype pollution vulnerability in 'getobject' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution.
CVE-2020-28281 1 Set-object-value Project 1 Set-object-value 2024-11-21 9.8 Critical
Prototype pollution vulnerability in 'set-object-value' versions 0.0.0 through 0.0.5 allows an attacker to cause a denial of service and may lead to remote code execution.
CVE-2020-28280 1 Predefine Project 1 Predefine 2024-11-21 9.8 Critical
Prototype pollution vulnerability in 'predefine' versions 0.0.0 through 0.1.2 allows an attacker to cause a denial of service and may lead to remote code execution.
CVE-2020-28279 1 Flattenizer Project 1 Flattenizer 2024-11-21 9.8 Critical
Prototype pollution vulnerability in 'flattenizer' versions 0.0.5 through 1.0.5 allows an attacker to cause a denial of service and may lead to remote code execution.
CVE-2020-28278 1 Shvl Project 1 Shvl 2024-11-21 9.8 Critical
Prototype pollution vulnerability in 'shvl' versions 1.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.
CVE-2020-28277 1 Dset Project 1 Dset 2024-11-21 9.8 Critical
Prototype pollution vulnerability in 'dset' versions 1.0.0 through 2.0.1 allows attacker to cause a denial of service and may lead to remote code execution.
CVE-2020-28276 1 Deep-set Project 1 Deep-set 2024-11-21 9.8 Critical
Prototype pollution vulnerability in 'deep-set' versions 1.0.0 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution.
CVE-2020-28274 1 Deepref Project 1 Deepref 2024-11-21 9.8 Critical
Prototype pollution vulnerability in 'deepref' versions 1.1.1 through 1.2.1 allows attacker to cause a denial of service and may lead to remote code execution.
CVE-2020-28273 1 Set-in Project 1 Set-in 2024-11-21 9.8 Critical
Prototype pollution vulnerability in 'set-in' versions 1.0.0 through 2.0.0 allows attacker to cause a denial of service and may lead to remote code execution.
CVE-2020-28272 1 Keyget Project 1 Keyget 2024-11-21 9.8 Critical
Prototype pollution vulnerability in 'keyget' versions 1.0.0 through 2.2.0 allows attacker to cause a denial of service and may lead to remote code execution.
CVE-2020-28270 1 Mjpclab 1 Object-hierarchy-access 2024-11-21 9.8 Critical
Prototype pollution vulnerability in 'object-hierarchy-access' versions 0.2.0 through 0.32.0 allows attacker to cause a denial of service and may lead to remote code execution.
CVE-2020-28269 1 Exodus 1 Field 2024-11-21 9.8 Critical
Prototype pollution vulnerability in 'field' versions 0.0.1 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution.
CVE-2020-28268 1 Controlled-merge Project 1 Controlled-merge 2024-11-21 7.5 High
Prototype pollution vulnerability in 'controlled-merge' versions 1.0.0 through 1.2.0 allows attacker to cause a denial of service and may lead to remote code execution.
CVE-2020-28267 1 Set Project 1 Set 2024-11-21 7.5 High
Prototype pollution vulnerability in '@strikeentco/set' version 1.0.0 allows attacker to cause a denial of service and may lead to remote code execution.
CVE-2020-28246 1 Form 1 Form.io 2024-11-21 9.8 Critical
A Server-Side Template Injection (SSTI) was discovered in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL. NOTE: the email templating service was removed after 2020. Additionally, the vendor disputes this issue indicating this is sandboxed and only executable by admins.
CVE-2020-28173 1 Simple College Project 1 Simple College 2024-11-21 7.2 High
Simple College Website 1.0 allows a user to conduct remote code execution via /alumni/admin/ajax.php?action=save_settings when uploading a malicious file using the image upload functionality, which is stored in /alumni/admin/assets/uploads/.
CVE-2020-28136 1 Phpgurukul 1 Tourism Management System 2024-11-21 8.8 High
An Arbitrary File Upload is discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via admin/create-package.php vulnerable page.
CVE-2020-28130 1 Online Library Management System Project 1 Online Library Management System 2024-11-21 9.8 Critical
An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add because .php files can be uploaded to admin/borrower/photos (under the web root).