Vulnerabilities > Cuppacms > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-14 | CVE-2021-3376 | Unspecified vulnerability in Cuppacms 1.0 An issue was discovered in Cuppa CMS Versions Before 31 Jan 2021 allows authenticated attackers to gain escalated privileges via a crafted POST request using the user_group_id_field parameter. | 8.8 |
| 2020-10-05 | CVE-2020-26048 | Unrestricted Upload of File with Dangerous Type vulnerability in Cuppacms The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file within an image extension and through a custom request using the rename function provided by the file manager is able to modify the image extension into PHP resulting in remote arbitrary code execution. | 8.8 |