Security Vulnerabilities Published In 2020
CVE-2020-35847
Public exploit exists
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.
Max Base Score
9.8
Published
2020-12-30
Updated
2022-04-05
EPSS
74.73%
CVE-2020-35846
Public exploit exists
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.
Max Base Score
9.8
Published
2020-12-30
Updated
2022-09-02
EPSS
82.54%
CVE-2020-35729
Public exploit exists
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter.
Max Base Score
10.0
Published
2020-12-27
Updated
2021-02-18
EPSS
95.89%
CVE-2020-35665
Public exploit exists
An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation.
Max Base Score
10.0
Published
2020-12-23
Updated
2023-06-12
EPSS
91.80%
CVE-2020-35476
Public exploit exists
A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is then executed via the mygnuplot.sh shell script. (tsd/GraphHandler.java attempted to prevent command injections by blocking backticks but this is insufficient.)
Max Base Score
9.8
Published
2020-12-16
Updated
2023-03-03
EPSS
95.74%
CVE-2020-35234
Public exploit exists
The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. If an attacker can list the wp-content/plugins/easy-wp-smtp/ directory, then they can discover a log file (such as #############_debug_log.txt) that contains all password-reset links. The attacker can request a reset of the Administrator password and then use a link found there.
Max Base Score
7.5
Published
2020-12-14
Updated
2020-12-15
EPSS
37.45%
CVE-2020-28949
Public exploit exists
Known Exploited Vulnerability
Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.
Max Base Score
7.8
Published
2020-11-19
Updated
2022-01-06
EPSS
96.69%
KEV Added
2022-08-25
CVE-2020-28347
Public exploit exists
tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute arbitrary code via the slave_mac parameter. NOTE: this issue exists because of an incomplete fix for CVE-2020-10882 in which shell quotes are mishandled.
Max Base Score
10.0
Published
2020-11-08
Updated
2021-07-21
EPSS
4.05%
CVE-2020-28328
Public exploit exists
SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled .php file under the web root.
Max Base Score
9.0
Published
2020-11-06
Updated
2021-12-02
EPSS
9.07%
CVE-2020-28188
Public exploit exists
Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to inject OS commands via /include/makecvs.php in the Event parameter.
Max Base Score
10.0
Published
2020-12-24
Updated
2023-06-12
EPSS
97.28%
CVE-2020-27955
Public exploit exists
Git LFS 2.12.0 allows Remote Code Execution.
Max Base Score
10.0
Published
2020-11-05
Updated
2021-12-16
EPSS
93.61%
CVE-2020-27615
Public exploit exists
The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_failed and lz_valid_ip.
Max Base Score
9.8
Published
2020-10-21
Updated
2020-10-23
EPSS
0.74%
CVE-2020-27387
Public exploit exists
An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker (with access to the FileManager) to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManager's rename function to provide the payload (which will receive a random name on the server) with the PHP extension, and finally executing the PHP file via an HTTP GET request to /storage/<php_file_name>. NOTE: the vendor has patched this while leaving the version number at 1.0.0-beta.
Max Base Score
8.8
Published
2020-11-05
Updated
2022-10-19
EPSS
8.28%
CVE-2020-27386
Public exploit exists
An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code (e.g., ASP code) in the form of a safe file type (e.g., a TXT file), and then using the FileEditor (in v1.5.8 and prior) or the FileManager's rename function (in v1.5.7 and prior) to rename the file to an executable extension (e.g., ASP), and finally executing the file via an HTTP GET request to /<path_to_file>.
Max Base Score
8.8
Published
2020-11-12
Updated
2022-12-06
EPSS
32.46%
CVE-2020-26950
Public exploit exists
In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition. This vulnerability affects Firefox < 82.0.3, Firefox ESR < 78.4.1, and Thunderbird < 78.4.2.
Max Base Score
9.3
Published
2020-12-09
Updated
2022-04-08
EPSS
90.16%
CVE-2020-26948
Public exploit exists
Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter.
Max Base Score
9.8
Published
2020-10-10
Updated
2023-01-10
EPSS
13.99%
CVE-2020-26124
Public exploit exists
openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because json_encode_safe is not used in config/databasebackend.inc. Successful exploitation allows arbitrary command execution on the underlying operating system as root.
Max Base Score
9.0
Published
2020-10-02
Updated
2022-01-06
EPSS
52.07%
CVE-2020-25592
Public exploit exists
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.
Max Base Score
9.8
Published
2020-11-06
Updated
2021-07-21
EPSS
45.07%
CVE-2020-25223
Public exploit exists
Known Exploited Vulnerability
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11.
Max Base Score
10.0
Published
2020-09-25
Updated
2023-10-17
EPSS
97.44%
KEV Added
2022-03-25
CVE-2020-25213
Public exploit exists
Known Exploited Vulnerability
The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload and execute arbitrary PHP code because it renames an unsafe example elFinder connector file to have the .php extension. This, for example, allows attackers to run the elFinder upload (or mkfile and put) command to write PHP code into the wp-content/plugins/wp-file-manager/lib/files/ directory. This was exploited in the wild in August and September 2020.
Max Base Score
10.0
Published
2020-09-09
Updated
2023-04-03
EPSS
97.34%
KEV Added
2021-11-03
CVE-2020-25042
Public exploit exists
An arbitrary file upload issue exists in Mara CMS 7.5. In order to exploit this, an attacker must have a valid authenticated (admin/manager) session and make a codebase/dir.php?type=filenew request to upload PHP code to codebase/handler.php.
Max Base Score
7.2
Published
2020-09-03
Updated
2022-12-03
EPSS
50.39%
CVE-2020-24186
Public exploit exists
A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action.
Max Base Score
10.0
Published
2020-08-24
Updated
2022-01-01
EPSS
97.42%
CVE-2020-17530
Public exploit exists
Known Exploited Vulnerability
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software: Apache Struts 2.0.0 - Struts 2.5.25.
Max Base Score
9.8
Published
2020-12-11
Updated
2022-06-03
EPSS
97.01%
KEV Added
2021-11-03
CVE-2020-17506
Public exploit exists
Artica Web Proxy 4.30.00000000 allows a remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php.
Max Base Score
9.8
Published
2020-08-12
Updated
2022-11-21
EPSS
96.06%
CVE-2020-17505
Public exploit exists
Artica Web Proxy 4.30.000000 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform.
Max Base Score
9.0
Published
2020-08-12
Updated
2023-01-24
EPSS
96.84%