CVE-2020-18890

Name of the Vulnerable Software and Affected Versions puppyCMS version 5.1

Description The issue is related to the implementation of the admin/functions.php script in the puppyCMS system, which is associated with incorrect permission storage. This could allow a remote attacker to execute arbitrary code. The vulnerability can be exploited via the "/admin/functions.php" API endpoint, potentially allowing a malicious user to gain shell access.

Recommendations For puppyCMS version 5.1, consider restricting access to the /admin/functions.php endpoint until a patch is available. As a temporary workaround, review and secure the permission settings in the admin/functions.php script to prevent exploitation.