Horizontcms Project Horizontcms — known CVE vulnerabilities
Every CVE whose affected-product data names Horizontcms Project Horizontcms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2021-28428 — CVSS 9.8 (critical): File upload vulnerability in HorizontCMS before 1.0.0-beta.3 via uploading a .htaccess and *.hello files using the Media Files upload…
CVE-2020-27387 — CVSS 8.8 (high): An unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker (with access to the…
CVE-2020-28693 — CVSS 8.8 (high): An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote attacker to upload PHP code through a zip file…
CVE-2022-25104 — CVSS 7.5 (high): HorizontCMS v1.0.0-beta.2 was discovered to contain an arbitrary file download vulnerability via the component /admin/file-manager/.