CVE-2020-26048
CVE-2020-26048 relates to CuppaCMS prior to 2019-11-12, where an authenticated attacker can upload a malicious file masquerading as an image and, via a rename function in the file manager, convert the image extension to PHP, enabling remote arbitrary code execution. The vulnerability combines an ...