Search
Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-37190 | 1 Cuppacms | 1 Cuppacms | 2023-08-08 | N/A | 8.8 HIGH |
| CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). An authenticated user can control both parameters (action and function) from "/api/index.php. | |||||
| CVE-2021-3376 | 1 Cuppacms | 1 Cuppacms | 2022-07-12 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Cuppa CMS Versions Before 31 Jan 2021 allows authenticated attackers to gain escalated privileges via a crafted POST request using the user_group_id_field parameter. | |||||
| CVE-2022-24647 | 1 Cuppacms | 1 Cuppacms | 2022-02-17 | 5.5 MEDIUM | 8.1 HIGH |
| Cuppa CMS v1.0 was discovered to contain an arbitrary file deletion vulnerability via the unlink() function. | |||||
| CVE-2022-24266 | 1 Cuppacms | 1 Cuppacms | 2022-02-03 | 7.8 HIGH | 7.5 HIGH |
| Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the order_by parameter. | |||||
| CVE-2022-24265 | 1 Cuppacms | 1 Cuppacms | 2022-02-03 | 7.8 HIGH | 7.5 HIGH |
| Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/menu/ via the path=component/menu/&menu_filter=3 parameter. | |||||
| CVE-2022-24264 | 1 Cuppacms | 1 Cuppacms | 2022-02-03 | 7.8 HIGH | 7.5 HIGH |
| Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the search_word parameter. | |||||
| CVE-2020-26048 | 1 Cuppacms | 1 Cuppacms | 2020-10-14 | 6.5 MEDIUM | 8.8 HIGH |
| The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file within an image extension and through a custom request using the rename function provided by the file manager is able to modify the image extension into PHP resulting in remote arbitrary code execution. | |||||