Cuppa CMS v1.0 - Local File Inclusion

CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php. id: CVE-2022-25485 info: name: Cuppa CMS v1.0 - Local File Inclusion author: theamanrawat severity: high description: | CuppaCMS v1.0 was discovered to contain a local file inclusion...

CuppaCMS v1.0 - Local File Inclusion

Cuppa CMS v1.0 is vulnerable to local file inclusion via the component /templates/default/html/windows/right.php. id: CVE-2022-34121 info: name: CuppaCMS v1.0 - Local File Inclusion author: edoardottt severity: high description: | Cuppa CMS v1.0 is vulnerable to local file inclusion via the...

VulnCheck KEV: CVE-2022-38296

Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager...

CVE-2022-38295

Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /tablemanager/view/cuusergroups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group function...

CVE-2022-38296

Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager...

EUVD-2021-26707

Malware in sbrugna...

EUVD-2023-43382

Malicious code in bioql PyPI...

EUVD-2022-30071

Malicious code in bioql PyPI...

EUVD-2022-29522

Malicious code in bioql PyPI...

CVE-2023-39681

Cuppa CMS v1.0 was discovered to contain a remote code execution RCE vulnerability via the emailoutgoing parameter at /Configuration.php. This vulnerability is triggered via a crafted payload...

CVE-2022-25401

The copy function of the file manager in Cuppa CMS v1.0 allows any file to be copied to the current directory, granting attackers read access to arbitrary files...

CVE-2022-24647

Cuppa CMS v1.0 was discovered to contain an arbitrary file deletion vulnerability via the unlink function...

CVE-2022-24265

Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/menu/ via the path=component/menu/filter=3 parameter...

CVE-2022-24264

Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/tablemanager/ via the searchword parameter...

CVE-2022-24266

Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/tablemanager/ via the orderby parameter...

CVE-2022-34121

Cuppa CMS v1.0 was discovered to contain a local file inclusion LFI vulnerability via the component /templates/default/html/windows/right.php...

CVE-2021-3376

An issue was discovered in Cuppa CMS Versions Before 31 Jan 2021 allows authenticated attackers to gain escalated privileges via a crafted POST request using the usergroupidfield parameter...

CVE-2023-39681

Cuppa CMS v1.0 was discovered to contain a remote code execution RCE vulnerability via the emailoutgoing parameter at /Configuration.php. This vulnerability is triggered via a crafted payload...

CVE-2023-39681

Cuppa CMS v1.0 was discovered to contain a remote code execution RCE vulnerability via the emailoutgoing parameter at /Configuration.php. This vulnerability is triggered via a crafted payload...

CVE-2023-39681

Cuppa CMS v1.0 was discovered to contain a remote code execution RCE vulnerability via the emailoutgoing parameter at /Configuration.php. This vulnerability is triggered via a crafted payload...