
exploitDog


CVE-2020-26048

Published: 05 Oct 2020
Source: nvd
CVSS3: 8.8
CVSS2: 6.5
EPSS: Low

Description

The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file within an image extension and through a custom request using the rename function provided by the file manager is able to modify the image extension into PHP resulting in remote arbitrary code execution.

Vulnerable configurations

Configuration 1
cpe:2.3:a:cuppacms:cuppacms:*:*:*:*:*:*:*:*
Version before 2019-11-12 (exclusive)

EPSS

Percentile: 83%
0.01859
Low

CVSS3: 8.8 High
CVSS2: 6.5 Medium

Weaknesses

CWE-434

Related vulnerabilities

github
more than 3 years ago

The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file within an image extension and through a custom request using the rename function provided by the file manager is able to modify the image extension into PHP resulting in remote arbitrary code execution.

EPSS

Percentile: 83%
0.01859
Low

CVSS3: 8.8 High
CVSS2: 6.5 Medium

Weaknesses

CWE-434