CVE-2020-26048
Published
CVSS v3
8.8
HIGH
CVSS v2
6.5
MEDIUM
Affected
1
PROJECT
Description
The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file within an image extension and through a custom request using the rename function provided by the file manager is able to modify the image extension into PHP resulting in remote arbitrary code execution.
Cuppa is a project open source, that seeks offer a adaptable CMS to any project (news or exist developments, web, desktop or mobile project) that don't have a Content Manager System and need implement one without realize heavy migration processes, nor take hours learning new, complex structures and methodologies.
GitHub