Vulnerabilities > Cuppacms > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-20 | CVE-2023-47990 | SQL Injection vulnerability in Cuppacms 1.0 SQL Injection vulnerability in components/table_manager/html/edit_admin_table.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter. | 9.8 |
| 2023-09-05 | CVE-2023-39681 | Code Injection vulnerability in Cuppacms 1.0 Cuppa CMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the email_outgoing parameter at /Configuration.php. | 9.8 |
| 2022-09-12 | CVE-2022-38296 | Unrestricted Upload of File with Dangerous Type vulnerability in Cuppacms 1.0 Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager. | 9.8 |
| 2022-04-26 | CVE-2022-27984 | SQL Injection vulnerability in Cuppacms 1.0 CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php. | 9.8 |
| 2022-04-26 | CVE-2022-27985 | SQL Injection vulnerability in Cuppacms 1.0 CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php. | 9.8 |
| 2022-03-15 | CVE-2022-25495 | Unrestricted Upload of File with Dangerous Type vulnerability in Cuppacms 1.0 The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file. | 9.8 |
| 2022-03-15 | CVE-2022-25498 | Code Injection vulnerability in Cuppacms 1.0 CuppaCMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the saveConfigData function in /classes/ajax/Functions.php. | 9.8 |
| 2018-11-26 | CVE-2018-19559 | SQL Injection vulnerability in Cuppacms CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ajax/functions.php via the reference_id parameter. | 9.8 |