Vulnerabilities > Cuppacms

DATE CVE VULNERABILITY TITLE RISK
2023-12-20 CVE-2023-47990 SQL Injection vulnerability in Cuppacms 1.0
SQL Injection vulnerability in components/table_manager/html/edit_admin_table.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter.
network
low complexity
cuppacms CWE-89
critical
9.8
2023-09-05 CVE-2023-39681 Code Injection vulnerability in Cuppacms 1.0
Cuppa CMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the email_outgoing parameter at /Configuration.php.
network
low complexity
cuppacms CWE-94
critical
9.8
2023-01-20 CVE-2021-29368 Session Fixation vulnerability in Cuppacms
Session fixation vulnerability in CuppaCMS thru commit 4c9b742b23b924cf4c1f943f48b278e06a17e297 on November 12, 2019 allows attackers to gain access to arbitrary user sessions.
network
low complexity
cuppacms CWE-384
8.8
2022-09-13 CVE-2022-37190 Unspecified vulnerability in Cuppacms 1.0
CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE).
network
low complexity
cuppacms
8.8
2022-04-26 CVE-2022-27984 SQL Injection vulnerability in Cuppacms 1.0
CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php.
network
low complexity
cuppacms CWE-89
7.5
2022-04-26 CVE-2022-27985 SQL Injection vulnerability in Cuppacms 1.0
CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php.
network
low complexity
cuppacms CWE-89
7.5
2022-03-15 CVE-2022-25485 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Cuppacms 1.0
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php.
network
cuppacms CWE-829
6.8
2022-03-15 CVE-2022-25486 Inclusion of Functionality from Untrusted Control Sphere vulnerability in Cuppacms 1.0
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php.
local
low complexity
cuppacms CWE-829
7.8
2022-03-15 CVE-2022-25495 Unrestricted Upload of File with Dangerous Type vulnerability in Cuppacms 1.0
The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file.
network
low complexity
cuppacms CWE-434
7.5
2022-03-15 CVE-2022-25497 Files or Directories Accessible to External Parties vulnerability in Cuppacms 1.0
CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function.
network
low complexity
cuppacms CWE-552
5.0