CVE-2022-34121
published 2022-07-27CVE-2022-34121: Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the component /templates/default/html/windows/right.php.
PriorityP273high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
2.96%
85.5th percentile
Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the component /templates/default/html/windows/right.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cuppacms | cuppacms | — | — |
Detection & IOCsextracted from sources · hover to see the quote
commandPOST /templates/default/html/windows/right.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
url=../../../../../../../../../../../../etc/passwd
path../../../../../../../../../../../../etc/passwd
- →Detect POST requests to /templates/default/html/windows/right.php with a body parameter 'url=' containing path traversal sequences (e.g., '../') targeting sensitive files such as /etc/passwd.
- →Match HTTP 200 responses to the above endpoint containing the regex pattern 'root:[x*]:0:0', indicating successful LFI and /etc/passwd disclosure.
- →The vulnerable parameter is 'url' submitted via POST to the right.php component; monitor for any path traversal sequences in this parameter.
- ·The exploit requires no authentication (PR:N, UI:N per CVSS), meaning the vulnerable endpoint is publicly accessible without credentials.
- ·Vulnerability is confirmed only against CuppaCMS v1.0 (cpe:2.3:a:cuppacms:cuppacms:1.0); other versions may not be affected.
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vulncheck7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-4pqq-wq2g-6rcm: Cuppa CMS v1
ghsa_unreviewed·2022-07-28
CVE-2022-34121 [HIGH] CWE-829 GHSA-4pqq-wq2g-6rcm: Cuppa CMS v1
Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the component /templates/default/html/windows/right.php.
VulnCheck
cuppacms cuppacms Inclusion of Functionality from Untrusted Control Sphere
vulncheck·2022·CVSS 7.5
CVE-2022-34121 [HIGH] cuppacms cuppacms Inclusion of Functionality from Untrusted Control Sphere
cuppacms cuppacms Inclusion of Functionality from Untrusted Control Sphere
Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the component /templates/default/html/windows/right.php.
Affected: cuppacms cuppacms
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-11-13&host_type=src&vulnerability=cve-2022-34121; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-01-22&host_type=src&vulnerability=cve-2022-34121; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-01-23&host_type=sr
No detection rules found.
Nuclei
CuppaCMS v1.0 - Local File Inclusion
nuclei·CVSS 7.5
CVE-2022-34121 [HIGH] CuppaCMS v1.0 - Local File Inclusion
CuppaCMS v1.0 - Local File Inclusion
Cuppa CMS v1.0 is vulnerable to local file inclusion via the component /templates/default/html/windows/right.php.
Template:
id: CVE-2022-34121
info:
name: CuppaCMS v1.0 - Local File Inclusion
author: edoardottt
severity: high
description: |
Cuppa CMS v1.0 is vulnerable to local file inclusion via the component /templates/default/html/windows/right.php.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access, sensitive information disclosure, and potential remote code execution.
remediation: |
Upgrade to the latest version of CuppaCMS or apply the provided patch to fix the LFI vulnerability.
reference:
- https://github.com/hansmach1ne/MyExploits/tree/main/LFI_in_CuppaCMS_templates
- https://github.com/CuppaCMS/CuppaCMS
2022-07-27
Published
Exploited in the wild