99 matches found
Cuppa CMS v1.0 - Cross Site Scripting
Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /tablemanager/view/cuusergroups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group function. id: CVE-2022-38295...
Cuppa CMS v1.0 - Local File Inclusion
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php. id: CVE-2022-25485 info: name: Cuppa CMS v1.0 - Local File Inclusion author: theamanrawat severity: high description: | CuppaCMS v1.0 was discovered to contain a local file inclusion...
CuppaCMS v1.0 - Local File Inclusion
Cuppa CMS v1.0 is vulnerable to local file inclusion via the component /templates/default/html/windows/right.php. id: CVE-2022-34121 info: name: CuppaCMS v1.0 - Local File Inclusion author: edoardottt severity: high description: | Cuppa CMS v1.0 is vulnerable to local file inclusion via the...
Cuppa CMS v1.0 - Local File Inclusion
CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function. id: CVE-2022-25497 info: name: Cuppa CMS v1.0 - Local File Inclusion author: theamanrawat severity: medium description: | CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function...
Cuppa CMS v1.0 - Authenticated Local File Inclusion
The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user can read system files via crafted POST request using function parameter value as LFI payload. id: CVE-2022-37191 info: name: Cuppa CMS v1.0 - Authenticated Local File Inclusion author: theamanrawat...
Cuppa CMS v1.0 - Remote Code Execution
CuppaCMS 1.0 is vulnerable to Remote Code Execution RCE. An authenticated user can control both parameters action and function from "/api/index.php. id: CVE-2022-37190 info: name: Cuppa CMS v1.0 - Remote Code Execution author: theamanrawat severity: high description: | CuppaCMS 1.0 is vulnerable ...
Cuppa CMS v1.0 - SQL injection
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/menu/ via the path=component/menu/&menufilter=3 parameter. id: CVE-2022-24265 info: name: Cuppa CMS v1.0 - SQL injection author: theamanrawat severity: high description: | Cuppa CMS v1.0 was...
Cuppa CMS v1.0 - SQL injection
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/tablemanager/ via the searchword parameter. id: CVE-2022-24264 info: name: Cuppa CMS v1.0 - SQL injection author: theamanrawat severity: high description: | Cuppa CMS v1.0 was discovered to contain...
Cuppa CMS v1.0 - SQL injection
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/tablemanager/ via the orderby parameter. id: CVE-2022-24266 info: name: Cuppa CMS v1.0 - SQL injection author: theamanrawat severity: high description: | Cuppa CMS v1.0 was discovered to contain a...
Cuppa CMS v1.0 - Arbitrary File Upload
Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager. id: CVE-2022-38296 info: name: Cuppa CMS v1.0 - Arbitrary File Upload author: theamanrawat severity: critical description: | Cuppa CMS v1.0 was discovered to contain an arbitrary file upload...
VulnCheck KEV: CVE-2022-38296
Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager...
CVE-2022-38295
Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /tablemanager/view/cuusergroups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group function...
CVE-2022-38296
Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager...
EUVD-2021-26707
Malware in sbrugna...
EUVD-2023-43382
Malicious code in bioql PyPI...
EUVD-2022-30071
Malicious code in bioql PyPI...
EUVD-2022-29522
Malicious code in bioql PyPI...
CVE-2023-39681
Cuppa CMS v1.0 was discovered to contain a remote code execution RCE vulnerability via the emailoutgoing parameter at /Configuration.php. This vulnerability is triggered via a crafted payload...
CVE-2022-25401
The copy function of the file manager in Cuppa CMS v1.0 allows any file to be copied to the current directory, granting attackers read access to arbitrary files...
CVE-2022-24647
Cuppa CMS v1.0 was discovered to contain an arbitrary file deletion vulnerability via the unlink function...