Vulnerabilities > Flexdotnetcms Project

DATE	CVE	VULNERABILITY TITLE	RISK
2020-11-12	CVE-2020-27386	Unrestricted Upload of File with Dangerous Type vulnerability in Flexdotnetcms Project Flexdotnetcms An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code (e.g., ASP code) in the form of a safe file type (e.g., a TXT file), and then using the FileEditor (in v1.5.8 and prior) or the FileManager's rename function (in v1.5.7 and prior) to rename the file to an executable extension (e.g., ASP), and finally executing the file via an HTTP GET request to /<path_to_file>. network low complexity flexdotnetcms-project CWE-434	8.8
2020-11-12	CVE-2020-27385	Path Traversal vulnerability in Flexdotnetcms Project Flexdotnetcms Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/) in FlexDotnetCMS before v1.5.11 allows an authenticated remote attacker to read and write to existing files outside the web root. network low complexity flexdotnetcms-project CWE-22	8.1

Vulnerabilities > Flexdotnetcms Project {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Flexdotnetcms Project"}]}