Vulnerabilities > CVE-2022-37191 - Inclusion of Functionality from Untrusted Control Sphere vulnerability in Cuppacms 1.0

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

cuppacms

CWE-829

NVD

Published: 2022-09-13

Updated: 2022-09-17

Summary

The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user can read system files via crafted POST request using [function] parameter value as LFI payload.

Vulnerable Configurations

Part	Description	Count
Application	Cuppacms Cuppacms Cuppacms 1.0	1

Common Weakness Enumeration (CWE)

CWE-829 - Inclusion of Functionality from Untrusted Control Sphere

References

https://github.com/CuppaCMS/CuppaCMS/issues/20
https://github.com/badru8612/CuppaCMS-Authenticated-LFI-Vulnerability