Vulnerability Details CVE-2020-37073
Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the user_image parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file with a 'cmd' parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 12.2%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2020-37073
-
cpe:2.3:a:victor_cms_project:victor_cms:1.0