{"vulnerability": "CVE-2020-27387", "sightings": [{"uuid": "a5d1243a-88f0-4972-9b50-42598583f6ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27387", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-06T03:13:44.000000Z"}, {"uuid": "8aab3663-3ba4-470e-b004-b01d3d7793a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27387", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3ltzsfqty6n22", "content": "", "creation_timestamp": "2025-07-15T21:02:18.961799Z"}, {"uuid": "90b66a20-c862-4c14-a529-944ccddca606", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27387", "type": "seen", "source": "MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd", "content": "", "creation_timestamp": "2025-02-23T04:10:27.000000Z"}, {"uuid": "5a099b9d-8e22-40a2-a96c-47bab8c977ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27387", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2025-07-13)", "content": "", "creation_timestamp": "2025-07-13T00:00:00.000000Z"}, {"uuid": "8a113f51-f27f-4c15-bdf7-42ad9e6a5655", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27387", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/horizontcms_upload_exec.rb", "content": "", "creation_timestamp": "2020-11-13T12:05:48.000000Z"}, {"uuid": "198b2c44-70e3-4de3-b9e0-ac0d089d7ae7", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27387", "type": "seen", "source": "https://t.me/cibsecurity/15854", "content": "\u203c CVE-2020-27387 \u203c\n\nAn unrestricted file upload issue in HorizontCMS through 1.0.0-beta allows an authenticated remote attacker (with access to the FileManager) to upload and execute arbitrary PHP code by uploading a PHP payload, and then using the FileManager's rename function to provide the payload (which will receive a random name on the server) with the PHP extension, and finally executing the PHP file via an HTTP GET request to /storage/. NOTE: the vendor has patched this while leaving the version number at 1.0.0-beta.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-05T07:48:14.000000Z"}, {"uuid": "4043aa5d-cbeb-47e9-9799-b7c4691f465f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27387", "type": "seen", "source": "https://t.me/VulnerabilityNews/27456", "content": "File upload vulnerability in HorizontCMS before 1.0.0-beta.3 via uploading a .htaccess and *.hello files using the Media Files upload functionality. The original file upload vulnerability (CVE-2020-27387) was remediated by restricting the PHP extensions; however, we confirmed that the filter was bypassed via uploading an arbitrary .htaccess and *.hello files in order to execute PHP code to gain RCE.\nPublished at: April 05, 2022 at 06:15PM\nView on website", "creation_timestamp": "2022-04-05T20:42:21.000000Z"}, {"uuid": "9debc23a-ea2c-48e7-8931-05c6998c1685", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27387", "type": "seen", "source": "https://t.me/cibsecurity/40187", "content": "\u203c CVE-2021-28428 \u203c\n\nFile upload vulnerability in HorizontCMS before 1.0.0-beta.3 via uploading a .htaccess and *.hello files using the Media Files upload functionality. The original file upload vulnerability (CVE-2020-27387) was remediated by restricting the PHP extensions; however, we confirmed that the filter was bypassed via uploading an arbitrary .htaccess and *.hello files in order to execute PHP code to gain RCE.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-05T20:29:14.000000Z"}]}