CVE Tools

cuppacms

Web & CMS Pluginsoss-project

12

Cumulative CVEs

3

Monthly snapshots

#114

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting cuppacms.

CVE-2023-47990SQL Injection vulnerability in components/table_manager/html/edit_admin_table.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter.9.8Dec 20, 2023
CVE-2023-39681Cuppa CMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the email_outgoing parameter at /Configuration.php. This vulnerability is triggered via a crafted payload.9.8Sep 5, 2023
CVE-2021-29368Session fixation vulnerability in CuppaCMS thru commit 4c9b742b23b924cf4c1f943f48b278e06a17e297 on November 12, 2019 allows attackers to gain access to arbitrary user sessions.8.8Jan 20, 2023
CVE-2022-37191The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user can read system files via crafted POST request using [function] parameter value as LFI payload.6.5Sep 13, 2022
CVE-2022-37190CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). An authenticated user can control both parameters (action and function) from "/api/index.php.8.8Sep 13, 2022
CVE-2022-38296Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager.9.8Sep 12, 2022
CVE-2022-38295Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager/view/cu_user_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via...6.1Sep 12, 2022
CVE-2022-34121Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the component /templates/default/html/windows/right.php.7.5Jul 27, 2022
CVE-2022-27985CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php.9.8Apr 26, 2022
CVE-2022-27984CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php.9.8Apr 26, 2022
CVE-2022-25485CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php.7.8Mar 15, 2022
CVE-2022-25486CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php.7.8Mar 15, 2022
CVE-2022-25495The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file.9.8Mar 15, 2022
CVE-2022-25497CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function.5.3Mar 15, 2022
CVE-2022-25498CuppaCMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the saveConfigData function in /classes/ajax/Functions.php.9.8Mar 15, 2022