CVE-2020-26048

The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file within an image extension and through a custom request using the rename function provided by the file manager is able to modify the image extension into PHP resulting in remote arbitrary code execution.

CVSS v3 8.8 HIGH
CVSS v2.0 6.5 MEDIUM

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/CuppaCMS/CuppaCMS/issues/7	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:cuppacms:cuppacms:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-10-05 15:15

Updated : 2024-02-04 21:23

NVD link : CVE-2020-26048

Mitre link : CVE-2020-26048

CVE.ORG link : CVE-2020-26048

JSON object : View

Products Affected

cuppacms

cuppacms

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2020-26048", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2020-10-05T15:15:12.170", "references": [{"url": "https://github.com/CuppaCMS/CuppaCMS/issues/7", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file within an image extension and through a custom request using the rename function provided by the file manager is able to modify the image extension into PHP resulting in remote arbitrary code execution."}, {"lang": "es", "value": "La opci\u00f3n file manager en CuppaCMS versiones anteriores al 12-11-2019, permite a un atacante autenticado cargar un archivo malicioso dentro de una extensi\u00f3n de imagen y, por medio de una petici\u00f3n personalizada, usando la funci\u00f3n rename proporcionada mediante el administrador de archivos, es capaz de modificar la extensi\u00f3n de la imagen a PHP, resultando en una ejecuci\u00f3n de c\u00f3digo arbitraria remota"}], "lastModified": "2020-10-14T14:10:38.333", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cuppacms:cuppacms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8ED1BEA-DDC5-4FB0-BD5B-B8BED225773A", "versionEndExcluding": "2019-11-12"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}