Critical severity9.8NVD Advisory· Published Apr 5, 2022· Updated Jun 17, 2026
CVE-2021-28428
CVE-2021-28428
Description
File upload vulnerability in HorizontCMS before 1.0.0-beta.3 via uploading a .htaccess and *.hello files using the Media Files upload functionality. The original file upload vulnerability (CVE-2020-27387) was remediated by restricting the PHP extensions; however, we confirmed that the filter was bypassed via uploading an arbitrary .htaccess and *.hello files in order to execute PHP code to gain RCE.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- HorizontCMS/HorizontCMSdescription
- Range: <1.0.0-beta.3
Patches
Vulnerability mechanics
References
1- github.com/ttimot24/HorizontCMS/commit/9c4d6827cbe96decec6834d53660e14ab2bf8838nvdPatchThird Party Advisory
News mentions
0No linked articles in our index yet.