Unrated severityNVD Advisory· Published Jan 27, 2026· Updated Jan 27, 2026
Victor CMS 1.0 - File Upload To RCE
CVE-2020-36942
Description
Victor CMS 1.0 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the profile image upload feature. Attackers can upload a PHP shell to the /img directory and execute system commands by accessing the uploaded file via web browser.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: =1.0
- Range: 1.0
Patches
Vulnerability mechanics
References
2- www.exploit-db.com/exploits/49310mitreexploit
- www.vulncheck.com/advisories/victor-cms-file-upload-to-rcemitrethird-party-advisory
News mentions
0No linked articles in our index yet.