Filtered by vendor Cuppacms
Subscriptions
Filtered by product Cuppacms
Subscriptions
Total
25 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-47990 | 1 Cuppacms | 1 Cuppacms | 2024-09-17 | 9.8 Critical |
| SQL Injection vulnerability in components/table_manager/html/edit_admin_table.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter. | ||||
| CVE-2018-19559 | 1 Cuppacms | 1 Cuppacms | 2024-09-16 | N/A |
| CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ajax/functions.php via the reference_id parameter. | ||||
| CVE-2018-19918 | 1 Cuppacms | 1 Cuppacms | 2024-08-05 | N/A |
| CuppaCMS has XSS via an SVG document uploaded to the administrator/#/component/table_manager/view/cu_views URI. | ||||
| CVE-2018-17300 | 1 Cuppacms | 1 Cuppacms | 2024-08-05 | 4.8 Medium |
| Stored XSS exists in CuppaCMS through 2018-09-03 via an administrator/#/component/table_manager/view/cu_menus section name. | ||||
| CVE-2020-26048 | 1 Cuppacms | 1 Cuppacms | 2024-08-04 | 8.8 High |
| The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file within an image extension and through a custom request using the rename function provided by the file manager is able to modify the image extension into PHP resulting in remote arbitrary code execution. | ||||
| CVE-2021-29368 | 1 Cuppacms | 1 Cuppacms | 2024-08-03 | 8.8 High |
| Session fixation vulnerability in CuppaCMS thru commit 4c9b742b23b924cf4c1f943f48b278e06a17e297 on November 12, 2019 allows attackers to gain access to arbitrary user sessions. | ||||
| CVE-2021-3376 | 1 Cuppacms | 1 Cuppacms | 2024-08-03 | 8.8 High |
| An issue was discovered in Cuppa CMS Versions Before 31 Jan 2021 allows authenticated attackers to gain escalated privileges via a crafted POST request using the user_group_id_field parameter. | ||||
| CVE-2022-38295 | 1 Cuppacms | 1 Cuppacms | 2024-08-03 | 6.1 Medium |
| Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager/view/cu_user_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group function. | ||||
| CVE-2022-38296 | 1 Cuppacms | 1 Cuppacms | 2024-08-03 | 9.8 Critical |
| Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager. | ||||
| CVE-2022-37190 | 1 Cuppacms | 1 Cuppacms | 2024-08-03 | 8.8 High |
| CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). An authenticated user can control both parameters (action and function) from "/api/index.php. | ||||
| CVE-2022-37191 | 1 Cuppacms | 1 Cuppacms | 2024-08-03 | 6.5 Medium |
| The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user can read system files via crafted POST request using [function] parameter value as LFI payload. | ||||
| CVE-2022-34121 | 1 Cuppacms | 1 Cuppacms | 2024-08-03 | 7.5 High |
| Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the component /templates/default/html/windows/right.php. | ||||
| CVE-2022-27984 | 1 Cuppacms | 1 Cuppacms | 2024-08-03 | 9.8 Critical |
| CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php. | ||||
| CVE-2022-27985 | 1 Cuppacms | 1 Cuppacms | 2024-08-03 | 9.8 Critical |
| CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php. | ||||
| CVE-2022-25486 | 1 Cuppacms | 1 Cuppacms | 2024-08-03 | 7.8 High |
| CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php. | ||||
| CVE-2022-25498 | 1 Cuppacms | 1 Cuppacms | 2024-08-03 | 9.8 Critical |
| CuppaCMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the saveConfigData function in /classes/ajax/Functions.php. | ||||
| CVE-2022-25497 | 1 Cuppacms | 1 Cuppacms | 2024-08-03 | 5.3 Medium |
| CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function. | ||||
| CVE-2022-25495 | 1 Cuppacms | 1 Cuppacms | 2024-08-03 | 9.8 Critical |
| The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-25485 | 1 Cuppacms | 1 Cuppacms | 2024-08-03 | 7.8 High |
| CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php. | ||||
| CVE-2022-25401 | 1 Cuppacms | 1 Cuppacms | 2024-08-03 | 7.5 High |
| The copy function of the file manager in Cuppa CMS v1.0 allows any file to be copied to the current directory, granting attackers read access to arbitrary files. | ||||