23 matches found
CVE-2023-47990
SQL Injection vulnerability in components/tablemanager/html/editadmintable.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter...
Sql injection
SQL Injection vulnerability in components/tablemanager/html/editadmintable.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter...
CVE-2023-47990
SQL Injection vulnerability in components/tablemanager/html/editadmintable.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter...
CVE-2022-37191
The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user can read system files via crafted POST request using function parameter value as LFI payload...
Cross site request forgery (csrf)
The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user can read system files via crafted POST request using function parameter value as LFI payload...
CVE-2022-27985
CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php...
CVE-2022-27984
CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menufilter parameter at /administrator/templates/default/html/windows/right.php...
Sql injection
CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php...
Sql injection
CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menufilter parameter at /administrator/templates/default/html/windows/right.php...
CVE-2022-27985
CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php...
CVE-2022-27984
CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menufilter parameter at /administrator/templates/default/html/windows/right.php...
CVE-2022-25495
The component /jqueryfileupload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file...
CVE-2022-25486
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php...
CVE-2022-25497
CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function...
Design/Logic Flaw
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php...
Code injection
CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function...
Code injection
The component /jqueryfileupload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file...
Remote code execution
CuppaCMS v1.0 was discovered to contain a remote code execution RCE vulnerability via the saveConfigData function in /classes/ajax/Functions.php...
CVE-2022-25485
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php...
CVE-2022-25486
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php...