← Back

CVE-2020-27387

nvd nist
Published: Nov 5, 2020Modified: Jun 17, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker (with access to the FileManager) to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManager's rename function to provide the payload (which will receive a random name on the server) with the PHP extension, and finally executing the PHP file via an HTTP GET request to /storage/<php_file_name>. NOTE: the vendor has patched this while leaving the version number at 1.0.0-beta.

Affected (9)

Horizontcms Project
1 product
Horizontcms
Configuration A
9 vulnerable
Vulnerable SoftwareAffected Versions
Horizontcms
Version 1.0.0 alpha2
Horizontcms
Version 1.0.0 alpha3
Horizontcms
Version 1.0.0 alpha4
Horizontcms
Version 1.0.0 alpha5
Horizontcms
Version 1.0.0 alpha6
Horizontcms
Version 1.0.0 alpha7
Horizontcms
Version 1.0.0 alpha8
Horizontcms
Version 1.0.0 alpha
Horizontcms
Version 1.0.0 beta

Related CWEs

CWE-434
Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (8)

Source: cve@mitre.org
ExploitThird Party AdvisoryVDB Entry
Source: cve@mitre.org
ExploitPatchThird Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory

Timeline

No history available yet.