Cuppacms Security Vulnerabilities

CVE-2023-47990

SQL Injection vulnerability in components/table_manager/html/edit_admin_table.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table...

CVE-2023-39681

Cuppa CMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the email_outgoing parameter at /Configuration.php. This vulnerability is triggered via a crafted...

CVE-2021-29368

Session fixation vulnerability in CuppaCMS thru commit 4c9b742b23b924cf4c1f943f48b278e06a17e297 on November 12, 2019 allows attackers to gain access to arbitrary user...

CVE-2022-37190

CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). An authenticated user can control both parameters (action and function) from...

CVE-2022-37191

The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user can read system files via crafted POST request using [function] parameter value as LFI...

CVE-2022-38296

Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File...

CVE-2022-38295

Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager/view/cu_user_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group...

CVE-2022-34121

Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the component...

CVE-2022-27984

CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at...

CVE-2022-27985

CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via...

CVE-2022-25497

CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy...

CVE-2022-25498

CuppaCMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the saveConfigData function in...

CVE-2022-25486

CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in...

CVE-2022-25485

CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in...

CVE-2022-25495

The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP...

CVE-2022-25401

The copy function of the file manager in Cuppa CMS v1.0 allows any file to be copied to the current directory, granting attackers read access to arbitrary...

CVE-2022-24647

Cuppa CMS v1.0 was discovered to contain an arbitrary file deletion vulnerability via the unlink()...

CVE-2022-24265

Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/menu/ via the path=component/menu/&menu_filter=3...

CVE-2022-24264

Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the search_word...

CVE-2022-24266

Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the order_by...

CVE-2021-3376

An issue was discovered in Cuppa CMS Versions Before 31 Jan 2021 allows authenticated attackers to gain escalated privileges via a crafted POST request using the user_group_id_field...

CVE-2020-26048

The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file within an image extension and through a custom request using the rename function provided by the file manager is able to modify the image extension into PHP resulting in remote...

CVE-2018-19918

CuppaCMS has XSS via an SVG document uploaded to the administrator/#/component/table_manager/view/cu_views...

CVE-2018-19559

CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ajax/functions.php via the reference_id...

CVE-2018-17300

Stored XSS exists in CuppaCMS through 2018-09-03 via an administrator/#/component/table_manager/view/cu_menus section...