Security Advisory

CVE-2020-26048

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-10-05 14:27:01

Last updated 2024-08-04 15:49:06

Assigner mitre

State PUBLISHED

Description

The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file within an image extension and through a custom request using the rename function provided by the file manager is able to modify the image extension into PHP resulting in remote arbitrary code execution.

← Browse all CVEs View on cve.org ↗