Vulnerabilities > Cuppacms > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-03-15 | CVE-2022-25485 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Cuppacms 1.0 | CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php. | 6.8 |
2022-03-15 | CVE-2022-25497 | Files or Directories Accessible to External Parties vulnerability in Cuppacms 1.0 | CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function. | 5.0 |
2022-02-24 | CVE-2022-25401 | Unspecified vulnerability in Cuppacms 1.0 | The copy function of the file manager in Cuppa CMS v1.0 allows any file to be copied to the current directory, granting attackers read access to arbitrary files. | 5.0 |
2022-02-10 | CVE-2022-24647 | Path Traversal vulnerability in Cuppacms 1.0 | Cuppa CMS v1.0 was discovered to contain an arbitrary file deletion vulnerability via the unlink() function. | 5.5 |
2021-12-14 | CVE-2021-3376 | Unspecified vulnerability in Cuppacms | An issue in Cuppa CMS versions before 31 Jan 2021 allows authenticated attackers to gain escalated privileges via a crafted POST request using the user_group_id_field parameter. | 6.5 |
2020-10-05 | CVE-2020-26048 | Unrestricted Upload of File with Dangerous Type vulnerability in Cuppacms | The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file with an image extension and then, through a custom request using the rename function provided by the file manager, change the image extension to PHP, resulting in remote arbitrary code execution. | 6.5 |