Vulnerabilities > CVE-2022-25485 - Inclusion of Functionality from Untrusted Control Sphere vulnerability in Cuppacms 1.0

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
cuppacms
CWE-829
NVD
Published: 2022-03-15
Updated: 2022-03-23

Summary

CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php.

Vulnerable Configurations

Part Description Count
Application
Cuppacms
1

Common Weakness Enumeration (CWE)

References