exploitDog

CVE-2022-37190

Опубликовано: 13 сент. 2022

Источник: nvd

CVSS3: 8.8

EPSS Высокий

Описание

CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). An authenticated user can control both parameters (action and function) from "/api/index.php.

Ссылки

https://github.com/CuppaCMS/CuppaCMS/issues/22
Exploit
Issue Tracking
Third Party Advisory
https://github.com/badru8612/Authenticated-RCE-CuppaCMS
Exploit
Issue Tracking
Third Party Advisory
https://github.com/CuppaCMS/CuppaCMS/issues/22
Exploit
Issue Tracking
Third Party Advisory
https://github.com/badru8612/Authenticated-RCE-CuppaCMS
Exploit
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cuppacms:cuppacms:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.82094

Высокий

8.8 High

CVSS3

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-3cj2-jpp7-6f9r

CVSS3: 8.8

github

больше 3 лет назад

CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). An authenticated user can control both parameters (action and function) from "/api/index.php.

EPSS

Процентиль: 99%

0.82094

Высокий

8.8 High

CVSS3

Дефекты

NVD-CWE-Other