Vulnerability in N/a

CVE-2022-25486

CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php.

EPSS: 0.659 (98.5th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

ARPSyndicate/cvemon

References

github.com/CuppaCMS/CuppaCMS/issues/25 (x_refsource_MISC)
github.com/hansmach1ne/MyExploits/tree/main/Multiple_LFIs_in_CuppaCMS_alerts (x_refsource_MISC)
github.com/CuppaCMS/CuppaCMS/issues/15 (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-25486?: CVE-2022-25486 is a vulnerability in N/a. Published 2022-03-15.
Is CVE-2022-25486 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.