What is CVE-2020-27387?

CVE-2020-27387 is a vulnerability in N/a. Published 2020-11-05.

Is CVE-2020-27387 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-27387

An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker (with access to the FileManager) to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManage…

EPSS: 0.703 (98.7th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

github.com/rapid7/metasploit-framework/pull/14340 (x_refsource_MISC)
github.com/ttimot24/HorizontCMS/commit/436b5ab679fd27afa3d99c023dbe103113da4fee (x_refsource_MISC)
blog.vonahi.io/whats-in-a-re-name/ (x_refsource_MISC)
packetstormsecurity.com/files/160046/HorizontCMS-1.0.0-beta-Shell-Upload.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-27387?: CVE-2020-27387 is a vulnerability in N/a. Published 2020-11-05.
Is CVE-2020-27387 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.