Vulnerabilities > Cuppacms > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-20 | CVE-2021-29368 | Session Fixation vulnerability in Cuppacms Session fixation vulnerability in CuppaCMS thru commit 4c9b742b23b924cf4c1f943f48b278e06a17e297 on November 12, 2019 allows attackers to gain access to arbitrary user sessions. | 8.8 |
| 2022-09-13 | CVE-2022-37190 | Unspecified vulnerability in Cuppacms 1.0 CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). | 8.8 |
| 2022-04-26 | CVE-2022-27984 | SQL Injection vulnerability in Cuppacms 1.0 CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php. | 7.5 |
| 2022-04-26 | CVE-2022-27985 | SQL Injection vulnerability in Cuppacms 1.0 CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php. | 7.5 |
| 2022-03-15 | CVE-2022-25486 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Cuppacms 1.0 CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php. | 7.8 |
| 2022-03-15 | CVE-2022-25495 | Unrestricted Upload of File with Dangerous Type vulnerability in Cuppacms 1.0 The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file. | 7.5 |
| 2022-01-31 | CVE-2022-24264 | SQL Injection vulnerability in Cuppacms 1.0 Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the search_word parameter. | 7.8 |
| 2022-01-31 | CVE-2022-24265 | SQL Injection vulnerability in Cuppacms 1.0 Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/menu/ via the path=component/menu/&menu_filter=3 parameter. | 7.8 |
| 2022-01-31 | CVE-2022-24266 | SQL Injection vulnerability in Cuppacms 1.0 Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the order_by parameter. | 7.8 |
| 2018-11-26 | CVE-2018-19559 | SQL Injection vulnerability in Cuppacms CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ajax/functions.php via the reference_id parameter. | 7.5 |