Vulnerabilities > Cuppacms

DATE CVE VULNERABILITY TITLE RISK
2022-04-26 CVE-2022-27984 SQL Injection vulnerability in Cuppacms 1.0
CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php.
network
low complexity
cuppacms CWE-89
7.5
2022-04-26 CVE-2022-27985 SQL Injection vulnerability in Cuppacms 1.0
CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php.
network
low complexity
cuppacms CWE-89
7.5
2022-03-15 CVE-2022-25485 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Cuppacms 1.0
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php.
network
cuppacms CWE-829
6.8
2022-03-15 CVE-2022-25486 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Cuppacms 1.0
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php.
network
cuppacms CWE-829
6.8
2022-03-15 CVE-2022-25495 Unrestricted Upload of File with Dangerous Type vulnerability in Cuppacms 1.0
The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file.
network
low complexity
cuppacms CWE-434
7.5
2022-03-15 CVE-2022-25497 Files or Directories Accessible to External Parties vulnerability in Cuppacms 1.0
CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function.
network
low complexity
cuppacms CWE-552
5.0
2022-03-15 CVE-2022-25498 Improper Input Validation vulnerability in Cuppacms 1.0
CuppaCMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the saveConfigData function in /classes/ajax/Functions.php.
network
low complexity
cuppacms CWE-20
7.5
2022-02-24 CVE-2022-25401 Unspecified vulnerability in Cuppacms 1.0
The copy function of the file manager in Cuppa CMS v1.0 allows any file to be copied to the current directory, granting attackers read access to arbitrary files.
network
low complexity
cuppacms
5.0
2022-02-10 CVE-2022-24647 Path Traversal vulnerability in Cuppacms 1.0
Cuppa CMS v1.0 was discovered to contain an arbitrary file deletion vulnerability via the unlink() function.
network
low complexity
cuppacms CWE-22
5.5
2022-01-31 CVE-2022-24264 SQL Injection vulnerability in Cuppacms 1.0
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the search_word parameter.
network
low complexity
cuppacms CWE-89
7.8