Critical severity9.8NVD Advisory· Published Feb 25, 2020· Updated Jun 17, 2026
CVE-2016-11020
CVE-2016-11020
Description
Kunena before 5.0.4 does not restrict avatar file extensions to gif, jpeg, jpg, and png. This can lead to XSS and remote code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Kunena/Kunenadescription
- Range: <5.0.4
Patches
Vulnerability mechanics
References
3- github.com/Kunena/Kunena-Forum/pull/5028nvdPatchThird Party Advisory
- www.kunena.org/blog/179-kunena-5-0-4-releasednvdRelease NotesVendor Advisory
- www.kunena.org/bugs/changelognvdRelease NotesVendor Advisory
News mentions
0No linked articles in our index yet.