** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.
Unrestricted file upload vulnerability in 'file upload' modules in b2evolution 6.8.8 allows authenticated users to upload malicious code (shell) by visiting the admin.php?ctrl=files page, even though the system has restricted the .php extension.
lshell 0.9.16 allows remote authenticated users to break out of a limited shell and execute arbitrary commands.
PHP Scripts Mall Image Sharing Script 1.3.3 has XSS via the Full Name field in an Edit Profile action.