Vulnerabilities > Cuppacms

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2023-12-20 | CVE-2023-47990 | SQL Injection vulnerability in Cuppacms 1.0 | SQL Injection vulnerability in components/table_manager/html/edit_admin_table.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter. | network, low complexity, cuppacms CWE-89, critical 9.8 |
| 2023-09-05 | CVE-2023-39681 | Code Injection vulnerability in Cuppacms 1.0 | Cuppa CMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the email_outgoing parameter at /Configuration.php. | network, low complexity, cuppacms CWE-94, critical 9.8 |
| 2023-01-20 | CVE-2021-29368 | Session Fixation vulnerability in Cuppacms | Session fixation vulnerability in CuppaCMS through commit 4c9b742b23b924cf4c1f943f48b278e06a17e297 on November 12, 2019 allows attackers to gain access to arbitrary user sessions. | network, low complexity, cuppacms CWE-384, 8.8 |
| 2022-09-13 | CVE-2022-37190 | Unspecified vulnerability in Cuppacms 1.0 | CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). | network, low complexity, cuppacms, 8.8 |
| 2022-09-13 | CVE-2022-37191 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Cuppacms 1.0 | The component "cuppa/api/index.php" of CuppaCMS v1.0 is vulnerable to LFI. | network, low complexity, cuppacms CWE-829, 6.5 |
| 2022-09-12 | CVE-2022-38295 | Cross-site Scripting vulnerability in Cuppacms 1.0 | Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager/view/cu_user_groups. | network, low complexity, cuppacms CWE-79, 6.1 |
| 2022-09-12 | CVE-2022-38296 | Unrestricted Upload of File with Dangerous Type vulnerability in Cuppacms 1.0 | Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager. | network, low complexity, cuppacms CWE-434, critical 9.8 |
| 2022-07-27 | CVE-2022-34121 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Cuppacms 1.0 | Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the component /templates/default/html/windows/right.php. | network, low complexity, cuppacms CWE-829, 7.5 |
| 2022-04-26 | CVE-2022-27984 | SQL Injection vulnerability in Cuppacms 1.0 | CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php. | network, low complexity, cuppacms CWE-89, critical 9.8 |
| 2022-04-26 | CVE-2022-27985 | SQL Injection vulnerability in Cuppacms 1.0 | CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php. | network, low complexity, cuppacms CWE-89, critical 9.8 |