PT-2022-24346 · Cuppacms · Cuppacms
4Dministrat0R +3 · Published 2022-09-12 · Updated 2022-09-15
CVE-2022-38296
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Cuppa CMS version 1.0
Description
Cuppa CMS contains an arbitrary file upload vulnerability in the File Manager, which allows malicious files to be uploaded.
Recommendations
For Cuppa CMS version 1.0, consider disabling the File Manager until a patch is available, to prevent exploitation of the arbitrary file upload vulnerability. Restrict access to the File Manager to minimize the risk of malicious file uploads.
Exploit
Fix
Unrestricted File Upload
Weakness Enumeration
Related Identifiers
Affected Products
Cuppacms