HomePentest-Tools.com Logo

Cuppa CMS v1.0 - Local File Inclusion CVE-2022-25485

Severity
CVSSv3 Score
7.8
Vulnerability description

CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php.\n

Risk description

The risk exists that a remote unauthenticated attacker could exploit this vulnerability to read sensitive information from arbitrary files located on the file system of the server.

Recommendation

Upgrade to the latest version of Cuppa CMS or apply the vendor-provided patch to fix the LFI vulnerability.

Codename
Not available
Detectable with
Network Scanner
Scan engine
Nuclei
Exploitable with Sniper
No
CVE Published
Mar 15, 2022
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available