CVE-2022-34121
published 2022-07-27

CVE-2022-34121: Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the component /templates/default/html/windows/right.php.

Priority P273 · high · 7.5 · CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 2.96% (85.5th percentile)

Affected

1 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cuppacms | cuppacms | | |

Detection & IOCs (extracted from sources)

path: /templates/default/html/windows/right.php
command:
    POST /templates/default/html/windows/right.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded

    url=../../../../../../../../../../../../etc/passwd
path: ../../../../../../../../../../../../etc/passwd
  • Detect POST requests to /templates/default/html/windows/right.php with a body parameter 'url=' containing path traversal sequences (e.g., '../') targeting sensitive files such as /etc/passwd.
  • Match HTTP 200 responses to the above endpoint containing the regex pattern 'root:[x*]:0:0', indicating successful LFI and /etc/passwd disclosure.
  • The vulnerable parameter is 'url' submitted via POST to the right.php component; monitor for any path traversal sequences in this parameter.
  • The exploit requires no authentication (PR:N, UI:N per CVSS), meaning the vulnerable endpoint is publicly accessible without credentials.
  • Vulnerability is confirmed only against CuppaCMS v1.0 (cpe:2.3:a:cuppacms:cuppacms:1.0); other versions may not be affected.
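
The detection points above expressed as code, as an added example that is not from this page's sources or from the CuppaCMS project: it classifies one HTTP transaction against the right.php endpoint as no match, a traversal attempt, or a confirmed /etc/passwd disclosure. The record layout (keys `method`, `path`, `body`, `status`, `resp_body`) and the sample records are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

ENDPOINT = "/templates/default/html/windows/right.php"  # path from the page
TRAVERSAL = re.compile(r"\.\.[/\\]")                     # "../" or "..\"
PASSWD = re.compile(r"root:[x*]:0:0")                    # response regex from the page

def classify(txn):
    """Return 'none', 'attempt' or 'disclosure' for one HTTP transaction.

    txn is a dict with keys method, path, body, status, resp_body
    (a hypothetical record layout; map your proxy/WAF log fields onto it).
    """
    path = unquote(txn["path"].split("?", 1)[0])
    # endswith() also matches installs under a sub-directory such as /cms/...
    if txn["method"].upper() != "POST" or not path.endswith(ENDPOINT):
        return "none"
    # parse_qs percent-decodes values, so "..%2F" is seen as "../"
    urls = parse_qs(txn["body"], keep_blank_values=True).get("url", [])
    if not any(TRAVERSAL.search(u) for u in urls):
        return "none"
    if txn["status"] == 200 and PASSWD.search(txn["resp_body"]):
        return "disclosure"   # traversal request and /etc/passwd content returned
    return "attempt"          # traversal request, no evidence of file contents

# Constructed sample records, not captured traffic.
SAMPLES = [
    {"method": "POST", "path": ENDPOINT, "status": 200,
     "body": "url=../../../../etc/passwd",
     "resp_body": "root:x:0:0:root:/root:/bin/bash\n"},
    {"method": "POST", "path": "/cms" + ENDPOINT, "status": 403,
     "body": "url=..%2F..%2Fetc%2Fpasswd", "resp_body": "Forbidden"},
    {"method": "POST", "path": ENDPOINT, "status": 200,
     "body": "url=example/list.php", "resp_body": "<div>menu</div>"},
    {"method": "GET", "path": ENDPOINT + "?url=x", "status": 200,
     "body": "", "resp_body": ""},
]

def scan(records):
    """Classify every record, preserving order."""
    return [classify(r) for r in records]

if __name__ == "__main__":
    for rec, verdict in zip(SAMPLES, scan(SAMPLES)):
        print(verdict, rec["method"], rec["path"], rec["body"])
```

A "disclosure" verdict warrants incident handling for the host, while "attempt" is useful for tuning WAF rules and tracking scanning activity.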

CVSS provenance

nvd · v3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vulncheck · 7.5 HIGH