Vulnerability Details CVE-2020-36942
Victor CMS 1.0 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the profile image upload feature. Attackers can upload a PHP shell to the /img directory and execute system commands by accessing the uploaded file via web browser.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 13.5%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2020-36942
-
cpe:2.3:a:victor_cms_project:victor_cms:1.0