Vulnerabilities
Vulnerable Software
Cuppacms:  >> Cuppacms  Security Vulnerabilities
SQL Injection vulnerability in components/table_manager/html/edit_admin_table.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-12-20
Cuppa CMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the email_outgoing parameter at /Configuration.php. This vulnerability is triggered via a crafted payload.
CVSS Score
9.8
EPSS Score
0.044
Published
2023-09-05
Session fixation vulnerability in CuppaCMS thru commit 4c9b742b23b924cf4c1f943f48b278e06a17e297 on November 12, 2019 allows attackers to gain access to arbitrary user sessions.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-01-20
CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). An authenticated user can control both parameters (action and function) from "/api/index.php.
CVSS Score
8.8
EPSS Score
0.869
Published
2022-09-13
The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user can read system files via crafted POST request using [function] parameter value as LFI payload.
CVSS Score
6.5
EPSS Score
0.757
Published
2022-09-13
Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager/view/cu_user_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group function.
CVSS Score
6.1
EPSS Score
0.554
Published
2022-09-12
Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager.
CVSS Score
9.8
EPSS Score
0.87
Published
2022-09-12
Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the component /templates/default/html/windows/right.php.
CVSS Score
7.5
EPSS Score
0.424
Published
2022-07-27
CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php.
CVSS Score
9.8
EPSS Score
0.12
Published
2022-04-26
CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php.
CVSS Score
9.8
EPSS Score
0.12
Published
2022-04-26


Contact Us

Shodan ® - All rights reserved