CVE-2023-39681

Name of the Vulnerable Software and Affected Versions Cuppa CMS version 1.0

Description The issue is related to a remote code execution (RCE) vulnerability. It is triggered via a crafted payload and can be exploited through the email outgoing parameter at the "/Configuration.php" API endpoint.

Recommendations For Cuppa CMS version 1.0, as a temporary workaround, consider restricting access to the "/Configuration.php" endpoint to minimize the risk of exploitation. Avoid using the email outgoing parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.