CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the component /templates/default/html/windows/right.php.

**Latest commit**

**Files**

Permalink

Failed to load latest commit information.

Type

Name

Latest commit message

Commit time

**Local File Inclusion vulnerabilities in CuppaCMS templates****Vulnerability disclosed:  
**

*   CuppaCMS's latest github commit https://github.com/CuppaCMS/CuppaCMS/commit/4c9b742b23b924cf4c1f943f48b278e06a17e297 (dated Nov 12, 2019 ) and before (no version numbers) suffers from Local File Inclusion vulnerability, allowing access to system files. Script '/templates/default/html/windows/right.php' has parameter $\_POST\['url'\] that is not sanitised properly. This allows access to arbitrary files on the server.

**PoC:**

**Solution:  
**

*   TODO

Author: Mateo Hanžek

Reference: CuppaCMS/CuppaCMS#18

Headline

CVE-2022-34121: MyExploits/LFI_in_CuppaCMS_templates at main · hansmach1ne/MyExploits

CVE: Latest News