Security Advisory

CVE-2020-36942

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-01-27 15:23:48

Last updated 2026-01-27 21:37:09

Assigner VulnCheck

State PUBLISHED

Description

Victor CMS 1.0 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the profile image upload feature. Attackers can upload a PHP shell to the /img directory and execute system commands by accessing the uploaded file via web browser.

← Browse all CVEs View on cve.org ↗