PT-2019-6263 · Puppycms · Puppycms

Abstin

Published

2019-03-27

Updated

2021-05-12

CVE-2020-18890

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions puppyCMS version 5.1

Description The issue is related to the implementation of the admin/functions.php script in the puppyCMS system, which is associated with incorrect permission storage. This could allow a remote attacker to execute arbitrary code. The vulnerability can be exploited via the "/admin/functions.php" API endpoint, potentially allowing a malicious user to gain shell access.

Recommendations For puppyCMS version 5.1, consider restricting access to the /admin/functions.php endpoint until a patch is available. As a temporary workaround, review and secure the permission settings in the admin/functions.php script to prevent exploitation.

Exploit

Fix

Improper Preservation of Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-281

Related Identifiers

BDU:2022-06127

CVE-2020-18890

Affected Products

Puppycms

PT-2019-6263 · Puppycms · Puppycms

CVE-2020-18890

Weakness Enumeration

Related Identifiers

Affected Products

References · 7