Inclusion of Functionality from Untrusted Control Sphere
CVE-2022-34121
Summary
Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the component /templates/default/html/windows/right.php.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- HIGH
- NONE
CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
The software imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.
References
Advisory Timeline
- Published