quarter77/PPress-CMS_vulnerability_chain_details

Releases0

PPress-CMS vulnerability chain details

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-52159 ↗	Sep 19, 2025Friday, 19 September 2025, 20:15	8.8 HIGH	—
Hardcoded credentials in default configuration of PPress 0.0.9.
CVE-2025-54761 ↗	Sep 19, 2025Friday, 19 September 2025, 20:15	8 HIGH	—
An issue was discovered in PPress 0.0.9 allowing attackers to gain escilated privlidges via crafted session cookie.
CVE-2025-54815 ↗	Sep 19, 2025Friday, 19 September 2025, 20:15	8.8 HIGH	—
Server-side template injection (SSTI) vulnerability in PPress 0.0.9 allows attackers to execute arbitrary code via crafted themes.