CVE-2020-18890

Published: May 6, 2021Modified: Jun 17, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Rmote Code Execution (RCE) vulnerability in puppyCMS v5.1 due to insecure permissions, which could let a remote malicious user getshell via /admin/functions.php.

Affected (1)

Products: Puppycms: Puppycms

Puppycms

1 product

Puppycms

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Puppycms Puppycms	Version 5.1

Related CWEs

CWE-281

Improper Preservation of Permissions

The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

References (2)

https://github.com/choregus/puppyCMS/issues/14

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

https://github.com/choregus/puppyCMS/issues/14

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

Timeline

No history available yet.