CVE-2022-37191

Published September 13th, 2022

View on NVD ↗

CVSS v3

6.5

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user can read system files via crafted POST request using [function] parameter value as LFI payload.

CuppaCMS/CuppaCMS

Cuppa is a project open source, that seeks offer a adaptable CMS to any project (news or exist developments, web, desktop or mobile project) that don't have a Content Manager System and need implement one without realize heavy migration processes, nor take hours learning new, complex structures and methodologies.

GitHub