Vulnerabilities > Cuppacms > Cuppacms > 2018.11.12
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-20 | CVE-2021-29368 | Session Fixation vulnerability in Cuppacms Session fixation vulnerability in CuppaCMS thru commit 4c9b742b23b924cf4c1f943f48b278e06a17e297 on November 12, 2019 allows attackers to gain access to arbitrary user sessions. | 8.8 |
2020-10-05 | CVE-2020-26048 | Unrestricted Upload of File with Dangerous Type vulnerability in Cuppacms The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file within an image extension and through a custom request using the rename function provided by the file manager is able to modify the image extension into PHP resulting in remote arbitrary code execution. | 6.5 |