Cuppacms

cuppacms

25 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (25)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-3376 1Cuppacms 1Cuppacms Nov 21, 2024 Dec 14, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 An issue was discovered in Cuppa CMS Versions Before 31 Jan 2021 allows authenticated attackers to gain escalated privileges via a crafted POST request using the user_group_id_field parameter.
CVE-2020-26048 1Cuppacms 1Cuppacms Nov 21, 2024 Oct 5, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file within an image extension and through a custom request using the rename function provided by the file mana...Show more The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file within an image extension and through a custom request using the rename function provided by the file manager is able to modify the image extension into PHP resulting in remote arbitrary code execution.Show less
CVE-2018-19918 1Cuppacms 1Cuppacms May 6, 2025 Dec 31, 2018 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 CuppaCMS has XSS via an SVG document uploaded to the administrator/#/component/table_manager/view/cu_views URI.
CVE-2018-19559 1Cuppacms 1Cuppacms Nov 21, 2024 Nov 26, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ajax/functions.php via the reference_id parameter.
CVE-2018-17300 1Cuppacms 1Cuppacms Nov 21, 2024 Sep 21, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 Stored XSS exists in CuppaCMS through 2018-09-03 via an administrator/#/component/table_manager/view/cu_menus section name.