Vulnerabilities > Cuppacms > Cuppacms > 1.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-20 | CVE-2023-47990 | SQL Injection vulnerability in Cuppacms 1.0 SQL Injection vulnerability in components/table_manager/html/edit_admin_table.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter. | 9.8 |
| 2023-09-05 | CVE-2023-39681 | Code Injection vulnerability in Cuppacms 1.0 Cuppa CMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the email_outgoing parameter at /Configuration.php. | 9.8 |
| 2023-01-20 | CVE-2021-29368 | Session Fixation vulnerability in Cuppacms Session fixation vulnerability in CuppaCMS thru commit 4c9b742b23b924cf4c1f943f48b278e06a17e297 on November 12, 2019 allows attackers to gain access to arbitrary user sessions. | 8.8 |
| 2022-09-13 | CVE-2022-37190 | Unspecified vulnerability in Cuppacms 1.0 CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). | 8.8 |
| 2022-04-26 | CVE-2022-27984 | SQL Injection vulnerability in Cuppacms 1.0 CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php. | 7.5 |
| 2022-04-26 | CVE-2022-27985 | SQL Injection vulnerability in Cuppacms 1.0 CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php. | 7.5 |
| 2022-03-15 | CVE-2022-25485 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Cuppacms 1.0 CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php. | 6.8 |
| 2022-03-15 | CVE-2022-25486 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Cuppacms 1.0 CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php. | 7.8 |
| 2022-03-15 | CVE-2022-25495 | Unrestricted Upload of File with Dangerous Type vulnerability in Cuppacms 1.0 The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file. | 7.5 |
| 2022-03-15 | CVE-2022-25497 | Files or Directories Accessible to External Parties vulnerability in Cuppacms 1.0 CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function. | 5.0 |