PT-2022-17264 · Cuppacms · Cuppacms

Published: 2022-02-23 · Updated: 2022-03-03 · CVE-2022-25401

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Cuppa CMS version 1.0

Description: The issue allows attackers to gain read access to arbitrary files by copying any file to the current directory using the copy function of the file manager.

Recommendations: For Cuppa CMS version 1.0, consider restricting access to the copy function of the file manager to prevent attackers from copying arbitrary files to the current directory. As a temporary workaround, consider disabling the copy function until a patch is available.


Related Identifiers

CVE-2022-25401

Affected Products

Cuppacms