Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.7
CVE-2020-37227: HS Brand Logo Slider 2.1 allows attackers to upload malicious files
CVE-2020-37227
Summary
Authenticated users can upload files with malicious code, which can be used to take control of the website. This is a serious security risk because attackers can use it to execute their own code on the server. To protect against this, update the HS Brand Logo Slider to the latest version or remove it if not necessary.
Original title
HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. Attackers c...
Original description
HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. Attackers can intercept upload requests to the logoupload parameter in the admin interface and rename files to executable extensions .php to achieve remote code execution.
nvd CVSS3.1
8.8
nvd CVSS4.0
8.7
Vulnerability type
CWE-434
Unrestricted File Upload
Published: 16 May 2026 · Updated: 30 May 2026 · First seen: 16 May 2026