Vulnerabilities > Cuppacms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-15 | CVE-2022-25498 | Code Injection vulnerability in Cuppacms 1.0 CuppaCMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the saveConfigData function in /classes/ajax/Functions.php. | 9.8 |
| 2022-02-24 | CVE-2022-25401 | Unspecified vulnerability in Cuppacms 1.0 The copy function of the file manager in Cuppa CMS v1.0 allows any file to be copied to the current directory, granting attackers read access to arbitrary files. | 5.0 |
| 2022-02-10 | CVE-2022-24647 | Path Traversal vulnerability in Cuppacms 1.0 Cuppa CMS v1.0 was discovered to contain an arbitrary file deletion vulnerability via the unlink() function. | 5.5 |
| 2022-01-31 | CVE-2022-24264 | SQL Injection vulnerability in Cuppacms 1.0 Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the search_word parameter. | 7.8 |
| 2022-01-31 | CVE-2022-24265 | SQL Injection vulnerability in Cuppacms 1.0 Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/menu/ via the path=component/menu/&menu_filter=3 parameter. | 7.8 |
| 2022-01-31 | CVE-2022-24266 | SQL Injection vulnerability in Cuppacms 1.0 Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the order_by parameter. | 7.8 |
| 2021-12-14 | CVE-2021-3376 | Unspecified vulnerability in Cuppacms An issue was discovered in Cuppa CMS Versions Before 31 Jan 2021 allows authenticated attackers to gain escalated privileges via a crafted POST request using the user_group_id_field parameter. | 6.5 |
| 2020-10-05 | CVE-2020-26048 | Unrestricted Upload of File with Dangerous Type vulnerability in Cuppacms The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file within an image extension and through a custom request using the rename function provided by the file manager is able to modify the image extension into PHP resulting in remote arbitrary code execution. | 6.5 |
| 2018-12-31 | CVE-2018-19918 | Cross-site Scripting vulnerability in Cuppacms CuppaCMS has XSS via an SVG document uploaded to the administrator/#/component/table_manager/view/cu_views URI. | 3.5 |
| 2018-11-26 | CVE-2018-19559 | SQL Injection vulnerability in Cuppacms CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ajax/functions.php via the reference_id parameter. | 7.5 |