CVE-2020-28693
Published
CVSS v3
8.8
HIGH
CVSS v2
9
HIGH
Affected
2
PROJECTS
Description
An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote attacker to upload PHP code through a zip file by uploading a theme, and executing the PHP file via an HTTP GET request to /themes/<php_file_name>
Lightweight CMS built on Laravel 11, VueJs 2.6 and Bootstrap 5.3. An alternative platform to OctoberCMS
GitHub