Bug Name: Cuppa CMS v1.0 - SQL injection

Severity: high

Priority: P2

Risk Level: HIGH - 8.5/10

CVSS Score: 7.5

Description:

Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the order_by parameter.
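
Sort columns and directions are SQL identifiers and keywords, so they cannot be passed as bound parameters; the usual fix for an injectable order_by value is an allowlist. The sketch below is an added example, not Cuppa CMS code: it uses Python with sqlite3 as a stand-in for the CMS's own stack, and the `items` table, its columns and the function names are assumptions.

```python
import sqlite3

# Assumed allowlist: request value -> real column name (hypothetical schema).
SORTABLE = {"id": "id", "name": "name", "created": "created"}
DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def build_order_clause(order_by, default="id"):
    """Map an untrusted order_by value ("column" or "column dir") to a fixed
    ORDER BY fragment; fall back to the default on anything unexpected."""
    parts = (order_by or "").strip().lower().split()
    if not 1 <= len(parts) <= 2 or parts[0] not in SORTABLE:
        return f"{SORTABLE[default]} ASC"
    direction = DIRECTIONS.get(parts[1]) if len(parts) == 2 else "ASC"
    if direction is None:
        return f"{SORTABLE[default]} ASC"
    return f"{SORTABLE[parts[0]]} {direction}"


def list_rows(conn, order_by, name_filter="%"):
    """Values go through bound parameters; the ORDER BY text only ever comes
    from the allowlist, never from the request."""
    sql = ("SELECT id, name FROM items WHERE name LIKE ? ORDER BY "
           + build_order_clause(order_by))
    return conn.execute(sql, (name_filter,)).fetchall()


def demo_db():
    """Constructed in-memory sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT, created TEXT)")
    conn.executemany(
        "INSERT INTO items (name, created) VALUES (?, ?)",
        [("beta", "2023-01-02"), ("alpha", "2023-01-03"), ("gamma", "2023-01-01")])
    return conn


if __name__ == "__main__":
    conn = demo_db()
    print(list_rows(conn, "name desc"))
    # Constructed non-allowlisted value: ignored, default ordering is used.
    print(list_rows(conn, "name, (SELECT 1)"))
```

Logging requests whose order_by value falls back to the default gives a cheap detection signal for probing of this parameter.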

Exploit Commands

Bash

  curl -i -s -k -X 'POST' \
  'https://example.com/' \
  -H 'Host: example.com' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  --data-raw 'user={{username}}&password={{password}}&language=en&task=login'

⚠️ Warning: These commands are for authorized security testing only. Unauthorized access is illegal.

Thanks for reading! If you found this useful, feel free to share it with your fellow hunters. Happy hacking!