Vulnerabilities > Cuppacms > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-12-20 CVE-2023-47990 SQL Injection vulnerability in Cuppacms 1.0
SQL Injection vulnerability in components/table_manager/html/edit_admin_table.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter.
network
low complexity
cuppacms CWE-89
critical
 9.8
9.8
2023-09-05 CVE-2023-39681 Code Injection vulnerability in Cuppacms 1.0
Cuppa CMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the email_outgoing parameter at /Configuration.php.
network
low complexity
cuppacms CWE-94
critical
 9.8
9.8
2022-03-15 CVE-2022-25498 Code Injection vulnerability in Cuppacms 1.0
CuppaCMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the saveConfigData function in /classes/ajax/Functions.php.
network
low complexity
cuppacms CWE-94
critical
 9.8
9.8