Vulnerabilities > CVE-2020-18890 - Improper Preservation of Permissions vulnerability in Puppycms 5.1

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

puppycms

CWE-281

NVD

Published: 2021-05-06

Updated: 2021-05-12

Summary

Rmote Code Execution (RCE) vulnerability in puppyCMS v5.1 due to insecure permissions, which could let a remote malicious user getshell via /admin/functions.php.

Vulnerable Configurations

Part	Description	Count
Application	Puppycms Puppycms Puppycms 5.1	1

Common Weakness Enumeration (CWE)

CWE-281 - Improper Preservation of Permissions

References

https://github.com/choregus/puppyCMS/issues/14