CVE-2022-37191
Published 2022-09-13
Priority P3 · 44 · medium · 6.5 CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 2.50% (82.7th percentile)
The component "cuppa/api/index.php" of CuppaCMS v1.0 is vulnerable to LFI. An authenticated user can read system files via a crafted POST request that uses the [function] parameter value as the LFI payload.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cuppacms | cuppacms | — | — |
No detection rules found.
Nuclei
Cuppa CMS v1.0 - Authenticated Local File Inclusion
nuclei·CVSS 6.5
CVE-2022-37191 [MEDIUM] Cuppa CMS v1.0 - Authenticated Local File Inclusion
Template:

```yaml
id: CVE-2022-37191
info:
  name: Cuppa CMS v1.0 - Authenticated Local File Inclusion
  author: theamanrawat
  severity: medium
  description: |
    The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user can read system files via crafted POST request using [function] parameter value as LFI payload.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, potential data leakage, and remote code execution.
  remediation: |
    Apply the latest security patches or u
```
No writeups or analysis indexed.