High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-01-20	CVE-2021-29368	Session Fixation vulnerability in Cuppacms Session fixation vulnerability in CuppaCMS thru commit 4c9b742b23b924cf4c1f943f48b278e06a17e297 on November 12, 2019 allows attackers to gain access to arbitrary user sessions. network low complexity cuppacms CWE-384	8.8
2022-09-13	CVE-2022-37190	Unspecified vulnerability in Cuppacms 1.0 CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). network low complexity cuppacms	8.8
2022-07-27	CVE-2022-34121	Inclusion of Functionality from Untrusted Control Sphere vulnerability in Cuppacms 1.0 Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the component /templates/default/html/windows/right.php. network low complexity cuppacms CWE-829	7.5
2022-03-15	CVE-2022-25485	Inclusion of Functionality from Untrusted Control Sphere vulnerability in Cuppacms 1.0 CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php. local low complexity cuppacms CWE-829	7.8
2022-03-15	CVE-2022-25486	Inclusion of Functionality from Untrusted Control Sphere vulnerability in Cuppacms 1.0 CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php. local low complexity cuppacms CWE-829	7.8
2022-02-24	CVE-2022-25401	Unspecified vulnerability in Cuppacms 1.0 The copy function of the file manager in Cuppa CMS v1.0 allows any file to be copied to the current directory, granting attackers read access to arbitrary files. network low complexity cuppacms	7.5
2022-02-10	CVE-2022-24647	Path Traversal vulnerability in Cuppacms 1.0 Cuppa CMS v1.0 was discovered to contain an arbitrary file deletion vulnerability via the unlink() function. network low complexity cuppacms CWE-22	8.1
2022-01-31	CVE-2022-24264	SQL Injection vulnerability in Cuppacms 1.0 Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the search_word parameter. network low complexity cuppacms CWE-89	7.5
2022-01-31	CVE-2022-24265	SQL Injection vulnerability in Cuppacms 1.0 Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/menu/ via the path=component/menu/&menu_filter=3 parameter. network low complexity cuppacms CWE-89	7.5
2022-01-31	CVE-2022-24266	SQL Injection vulnerability in Cuppacms 1.0 Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the order_by parameter. network low complexity cuppacms CWE-89	7.5