VYPR
Unrated severityNVD Advisory· Published Feb 24, 2020· Updated Aug 4, 2024

CVE-2020-9381

CVE-2020-9381

Description

controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Total.js/CMSdescription
  • Totaljs/CMSllm-fuzzy
    Range: <= 13

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.