Vulnerabilities > Earcms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-29 | CVE-2020-18912 | Unrestricted Upload of File with Dangerous Type vulnerability in Earcms EAR 20181124 An issue found in Earcms Ear App v.20181124 allows a remote attacker to execute arbitrary code via the uload/index-uplog.php. | 9.8 |
| 2017-07-30 | CVE-2017-11756 | Unrestricted Upload of File with Dangerous Type vulnerability in Earcms EAR Music 4.1 In Earcms Ear Music through 4.1 build 20170710, remote authenticated users can execute arbitrary PHP code by changing the allowable music-upload extensions to include .php in addition to .mp3 and .m4a in admin.php?iframe=config_upload, and then using user.php/music/add/ to upload the code. | 7.0 |