PHP Scripts Mall Image Sharing Script 1.3.3 has XSS via the Full Name field in an Edit Profile action.
Unrestricted file upload vulnerability in 'file upload' modules in b2evolution 6.8.8 allows authenticated users to upload malicious code (shell) by visiting the admin.php?ctrl=files page, even though the system has restricted the .php extension.
lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands.
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.