Vulnerabilities > CVE-2020-18890 - Improper Preservation of Permissions vulnerability in Puppycms 5.1

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

puppycms

CWE-281

critical

NVD

Published: 2021-05-06

Updated: 2021-05-12

Summary

Rmote Code Execution (RCE) vulnerability in puppyCMS v5.1 due to insecure permissions, which could let a remote malicious user getshell via /admin/functions.php.

Vulnerable Configurations

Part	Description	Count
Application	Puppycms Puppycms Puppycms 5.1	1

Common Weakness Enumeration (CWE)

CWE-281 - Improper Preservation of Permissions

References

https://github.com/choregus/puppyCMS/issues/14