VYPR
Vendor

FlexDotnetCMS

Products
2
CVEs
2
Across products
3
Status
Private

Products

2

Recent CVEs

2
  • CVE-2020-27385HigNov 12, 2020
    risk 0.53cvss 8.1epss 0.02

    Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/) in FlexDotnetCMS before v1.5.11 allows an authenticated remote attacker to read and write to existing files outside the web root. The files can be accessed via directory traversal, i.e., by entering a .. (dot…

  • CVE-2020-27386HigNov 12, 2020
    risk 0.09cvss 8.8epss 0.73

    An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allows an authenticated remote attacker to upload and execute arbitrary files by using the FileManager to upload malicious code (e.g., ASP code) in the form of a safe file type (e.g., a TXT file), and then using…