CVE-2022-25401

Description

The copy function of the file manager in Cuppa CMS v1.0 allows any file to be copied to the current directory, granting attackers read access to arbitrary files.

Related CPE's

a cuppacms cuppacms 1.0 *******

References

https://github.com/dota-st/Vulnerability/blob/master/CuppaCMS/CuppaCMS_second.md

ExploitThird Party Advisory

CvssV3 impact

BaseSeverity	HIGH
ConfidentialityImpact	HIGH
AttackComplexity	LOW
Scope	UNCHANGED
AttackVector	NETWORK
AvailabilityImpact	NONE
IntegrityImpact	NONE
PrivilegesRequired	NONE
BaseScore	7.5
VectorString	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Version	3.1
UserInteraction	NONE

CvssV2 impact

AccessComplexity	LOW
ConfidentialityImpact	PARTIAL
AvailabilityImpact	NONE
IntegrityImpact	NONE
BaseScore	5
VectorString	AV:N/AC:L/Au:N/C:P/I:N/A:N
Version	2.0
AccessVector	NETWORK
Authentication	NONE

Created by Yello

About Severity.io