exploitDog

GHSA-p37g-3w4v-6868

Опубликовано: 14 сент. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 6.5

Описание

The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user can read system files via crafted POST request using [function] parameter value as LFI payload.

The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user can read system files via crafted POST request using [function] parameter value as LFI payload.

Ссылки

EPSS

Процентиль: 98%

0.46367

Средний

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-829

Связанные уязвимости

CVE-2022-37191

CVSS3: 6.5

nvd

больше 3 лет назад

The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user can read system files via crafted POST request using [function] parameter value as LFI payload.

EPSS

Процентиль: 98%

0.46367

Средний

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-829