{"vulnerability": "CVE-2020-2604", "sightings": [{"uuid": "de900b82-0a61-41f7-88a7-b2b4e0b29415", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-26048", "type": "seen", "source": "https://t.me/arpsyndicate/2186", "content": "#ExploitObserverAlert\n\nCVE-2020-26048\n\nDESCRIPTION: Exploit Observer has 3 entries related to CVE-2020-26048. The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file within an image extension and through a custom request using the rename function provided by the file manager is able to modify the image extension into PHP resulting in remote arbitrary code execution.\n\nFIRST-EPSS: 0.002900000\nNVD-IS: 5.9\nNVD-ES: 2.8", "creation_timestamp": "2023-12-28T03:50:57.000000Z"}, {"uuid": "d732aca1-a5f6-453e-a1c8-9404b7282e15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-26045", "type": "seen", "source": "https://t.me/cibsecurity/21580", "content": "\u203c CVE-2020-26045 \u203c\n\nFUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-05T19:25:27.000000Z"}, {"uuid": "4e680bed-4afd-4cbe-a2eb-b6c5c8d1acc1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-26046", "type": "seen", "source": "https://t.me/cibsecurity/21576", "content": "\u203c CVE-2020-26046 \u203c\n\nFUEL CMS 1.4.11 has stored XSS in Blocks/Navigation/Site variables. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account and also impact other visitors.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-05T19:25:23.000000Z"}, {"uuid": "1fbe0071-2722-4be5-bb2a-2e9c03732511", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-26049", "type": "seen", "source": "https://t.me/cibsecurity/21121", "content": "\u203c CVE-2020-26049 \u203c\n\nNifty-PM CPE 2.3 is affected by stored HTML injection. The impact is remote arbitrary code execution.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-21T18:52:06.000000Z"}]}