yanbochen97/CuppaCMS_RCE

Releases0

An Unauthorized attacker can execute arbitrary php code leading to unauthorized remote code execution

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2023-39681 ↗	Sep 5, 2023Tuesday, 5 September 2023, 18:15	9.8 CRITICAL	—
Cuppa CMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the email_outgoing parameter at /Configuration.php. This vulnerability is triggered via a crafted payload.