Unrated severityNVD Advisory· Published Feb 3, 2026· Updated Feb 4, 2026
Victor CMS 1.0 - Authenticated Arbitrary File Upload
CVE-2020-37073
Description
Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the user_image parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file with a 'cmd' parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: =1.0
- Range: 1.0
Patches
Vulnerability mechanics
References
2- www.exploit-db.com/exploits/48490mitreexploit
- www.vulncheck.com/advisories/victor-cms-authenticated-arbitrary-file-uploadmitrethird-party-advisory
News mentions
0No linked articles in our index yet.