Security Advisory

CVE-2020-37073

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-03 22:01:41

Last updated 2026-02-04 19:00:31

Assigner VulnCheck

State PUBLISHED

Description

Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the user_image parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file with a cmd parameter.

← Browse all CVEs View on cve.org ↗