Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Cuppacms Subscribe
Filtered by product Cuppacms

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 14 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-47990 1 Cuppacms 1 Cuppacms 2023-12-27 N/A 9.8 CRITICAL
SQL Injection vulnerability in components/table_manager/html/edit_admin_table.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter.
CVE-2022-25498 1 Cuppacms 1 Cuppacms 2023-08-08 7.5 HIGH 9.8 CRITICAL
CuppaCMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the saveConfigData function in /classes/ajax/Functions.php.
CVE-2022-37190 1 Cuppacms 1 Cuppacms 2023-08-08 N/A 8.8 HIGH
CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). An authenticated user can control both parameters (action and function) from "/api/index.php.
CVE-2021-3376 1 Cuppacms 1 Cuppacms 2022-07-12 6.5 MEDIUM 8.8 HIGH
An issue was discovered in Cuppa CMS Versions Before 31 Jan 2021 allows authenticated attackers to gain escalated privileges via a crafted POST request using the user_group_id_field parameter.
CVE-2022-27985 1 Cuppacms 1 Cuppacms 2022-05-05 7.5 HIGH 9.8 CRITICAL
CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php.
CVE-2022-27984 1 Cuppacms 1 Cuppacms 2022-05-05 7.5 HIGH 9.8 CRITICAL
CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php.
CVE-2022-24647 1 Cuppacms 1 Cuppacms 2022-02-17 5.5 MEDIUM 8.1 HIGH
Cuppa CMS v1.0 was discovered to contain an arbitrary file deletion vulnerability via the unlink() function.
CVE-2022-24266 1 Cuppacms 1 Cuppacms 2022-02-03 7.8 HIGH 7.5 HIGH
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the order_by parameter.
CVE-2022-24265 1 Cuppacms 1 Cuppacms 2022-02-03 7.8 HIGH 7.5 HIGH
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/menu/ via the path=component/menu/&menu_filter=3 parameter.
CVE-2022-24264 1 Cuppacms 1 Cuppacms 2022-02-03 7.8 HIGH 7.5 HIGH
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the search_word parameter.
CVE-2020-26048 1 Cuppacms 1 Cuppacms 2020-10-14 6.5 MEDIUM 8.8 HIGH
The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file within an image extension and through a custom request using the rename function provided by the file manager is able to modify the image extension into PHP resulting in remote arbitrary code execution.
CVE-2018-17300 1 Cuppacms 1 Cuppacms 2019-09-16 3.5 LOW 4.8 MEDIUM
Stored XSS exists in CuppaCMS through 2018-09-03 via an administrator/#/component/table_manager/view/cu_menus section name.
CVE-2018-19918 1 Cuppacms 1 Cuppacms 2019-02-25 3.5 LOW 5.4 MEDIUM
CuppaCMS has XSS via an SVG document uploaded to the administrator/#/component/table_manager/view/cu_views URI.
CVE-2018-19559 1 Cuppacms 1 Cuppacms 2018-12-18 7.5 HIGH 9.8 CRITICAL
CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ajax/functions.php via the reference_id parameter.