Vulnerabilities > Cuppacms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-15 | CVE-2022-25485 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Cuppacms 1.0 CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php. | 7.8 |
| 2022-03-15 | CVE-2022-25486 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Cuppacms 1.0 CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php. | 7.8 |
| 2022-03-15 | CVE-2022-25495 | Unrestricted Upload of File with Dangerous Type vulnerability in Cuppacms 1.0 The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file. | 9.8 |
| 2022-03-15 | CVE-2022-25497 | Files or Directories Accessible to External Parties vulnerability in Cuppacms 1.0 CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function. | 5.3 |
| 2022-03-15 | CVE-2022-25498 | Code Injection vulnerability in Cuppacms 1.0 CuppaCMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the saveConfigData function in /classes/ajax/Functions.php. | 9.8 |
| 2022-02-24 | CVE-2022-25401 | Unspecified vulnerability in Cuppacms 1.0 The copy function of the file manager in Cuppa CMS v1.0 allows any file to be copied to the current directory, granting attackers read access to arbitrary files. | 7.5 |
| 2022-02-10 | CVE-2022-24647 | Path Traversal vulnerability in Cuppacms 1.0 Cuppa CMS v1.0 was discovered to contain an arbitrary file deletion vulnerability via the unlink() function. | 8.1 |
| 2022-01-31 | CVE-2022-24264 | SQL Injection vulnerability in Cuppacms 1.0 Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the search_word parameter. | 7.5 |
| 2022-01-31 | CVE-2022-24265 | SQL Injection vulnerability in Cuppacms 1.0 Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/menu/ via the path=component/menu/&menu_filter=3 parameter. | 7.5 |
| 2022-01-31 | CVE-2022-24266 | SQL Injection vulnerability in Cuppacms 1.0 Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the order_by parameter. | 7.5 |