VYPR
Unrated severityNVD Advisory· Published Feb 3, 2026· Updated Feb 4, 2026

Victor CMS 1.0 - Authenticated Arbitrary File Upload

CVE-2020-37073

Description

Victor CMS 1.0 contains an authenticated file upload vulnerability that allows administrators to upload PHP files with arbitrary content through the user_image parameter. Attackers can upload a malicious PHP shell to the /img/ directory and execute system commands by accessing the uploaded file with a 'cmd' parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.