CVE-2022-24265
Description
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/menu/ via the path=component/menu/&menu_filter=3 parameter.
References
Third Party Advisory
ExploitThird Party Advisory
CvssV3 impact
Version | 3.1 |
VectorString | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
AttackVector | NETWORK |
AttackComplexity | LOW |
PrivilegesRequired | NONE |
UserInteraction | NONE |
Scope | UNCHANGED |
ConfidentialityImpact | HIGH |
IntegrityImpact | NONE |
AvailabilityImpact | NONE |
BaseScore | 7.5 |
BaseSeverity | HIGH |
CvssV2 impact
Version | 2.0 |
VectorString | AV:N/AC:L/Au:N/C:C/I:N/A:N |
AccessVector | NETWORK |
AccessComplexity | LOW |
Authentication | NONE |
ConfidentialityImpact | COMPLETE |
IntegrityImpact | NONE |
AvailabilityImpact | NONE |
BaseScore | 7.800000190734863 |