Cuppacms

cuppacms

Vendor: Cuppacms • 25 CVEs

CVEs (25)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-47990 1Cuppacms 1Cuppacms Nov 21, 2024 Dec 20, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 SQL Injection vulnerability in components/table_manager/html/edit_admin_table.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter.
CVE-2023-39681 1Cuppacms 1Cuppacms Nov 21, 2024 Sep 5, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Cuppa CMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the email_outgoing parameter at /Configuration.php. This vulnerability is triggered via a crafted payload.
CVE-2021-29368 1Cuppacms 1Cuppacms Apr 3, 2025 Jan 20, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Session fixation vulnerability in CuppaCMS thru commit 4c9b742b23b924cf4c1f943f48b278e06a17e297 on November 12, 2019 allows attackers to gain access to arbitrary user sessions.
CVE-2022-37191 1Cuppacms 1Cuppacms Nov 21, 2024 Sep 13, 2022 N/A· v4 6.5 MEDIUM· v3 N/A· v2 The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user can read system files via crafted POST request using [function] parameter value as LFI payload.
CVE-2022-37190 1Cuppacms 1Cuppacms Nov 21, 2024 Sep 13, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). An authenticated user can control both parameters (action and function) from "/api/index.php.
CVE-2022-38296 1Cuppacms 1Cuppacms Nov 21, 2024 Sep 12, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager.
CVE-2022-38295 1Cuppacms 1Cuppacms Nov 21, 2024 Sep 12, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager/view/cu_user_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload inje...Show more Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager/view/cu_user_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group function.Show less
CVE-2022-34121 1Cuppacms 1Cuppacms Nov 21, 2024 Jul 27, 2022 N/A· v4 7.5 HIGH· v3 N/A· v2 Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the component /templates/default/html/windows/right.php.
CVE-2022-27985 1Cuppacms 1Cuppacms Nov 21, 2024 Apr 26, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php.
CVE-2022-27984 1Cuppacms 1Cuppacms Nov 21, 2024 Apr 26, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php.
CVE-2022-25498 1Cuppacms 1Cuppacms Nov 21, 2024 Mar 15, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 CuppaCMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the saveConfigData function in /classes/ajax/Functions.php.
CVE-2022-25497 1Cuppacms 1Cuppacms Nov 21, 2024 Mar 15, 2022 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function.
CVE-2022-25495 1Cuppacms 1Cuppacms Nov 21, 2024 Mar 15, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file.
CVE-2022-25486 1Cuppacms 1Cuppacms Nov 21, 2024 Mar 15, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php.
CVE-2022-25485 1Cuppacms 1Cuppacms Nov 21, 2024 Mar 15, 2022 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php.
CVE-2022-25401 1Cuppacms 1Cuppacms Nov 21, 2024 Feb 24, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The copy function of the file manager in Cuppa CMS v1.0 allows any file to be copied to the current directory, granting attackers read access to arbitrary files.
CVE-2022-24647 1Cuppacms 1Cuppacms Nov 21, 2024 Feb 10, 2022 N/A· v4 8.1 HIGH· v3 5.5 MEDIUM· v2 Cuppa CMS v1.0 was discovered to contain an arbitrary file deletion vulnerability via the unlink() function.
CVE-2022-24266 1Cuppacms 1Cuppacms Nov 21, 2024 Jan 31, 2022 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the order_by parameter.
CVE-2022-24265 1Cuppacms 1Cuppacms Nov 21, 2024 Jan 31, 2022 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/menu/ via the path=component/menu/&menu_filter=3 parameter.
CVE-2022-24264 1Cuppacms 1Cuppacms Nov 21, 2024 Jan 31, 2022 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the search_word parameter.

12 Next