8 matches found
Arbitrary file deletion
Arbitrary File Deletion vulnerability in puppyCMS v5.1 allows remote malicious attackers to delete the file/folder via /admin/functions.php...
CVE-2020-18888
Arbitrary File Deletion vulnerability in puppyCMS v5.1 allows remote malicious attackers to delete the file/folder via /admin/functions.php...
CVE-2020-18888
The CVE-2020-18888 entry concerns puppyCMS v5.1 with an Arbitrary File Deletion vulnerability. According to the documents, a remote attacker can delete files/folders via the vulnerable endpoint /admin/functions.php, due to insufficient path validation/restrictions. The issue is described across m...
CVE-2020-18889
Cross Site Request Forgery CSRF vulnerability in puppyCMS v5.1 that can change the admin's password via /admin/settings.php...
Cross site request forgery (csrf)
Cross Site Request Forgery CSRF vulnerability in puppyCMS v5.1 that can change the admin's password via /admin/settings.php...
CVE-2020-18890
Rmote Code Execution RCE vulnerability in puppyCMS v5.1 due to insecure permissions, which could let a remote malicious user getshell via /admin/functions.php...
CVE-2020-18890
CVE-2020-18890 affects puppyCMS v5.1 (puppyCMS, puppetCMS) with an RCE due to insecure permissions. The vulnerability allows a remote attacker to gain shell access via /admin/functions.php. Root cause: insecure file/permission handling in the admin function. Impact is described as remote code exe...
CVE-2020-18889
Cross Site Request Forgery CSRF vulnerability in puppyCMS v5.1 that can change the admin's password via /admin/settings.php...