CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

13 matches found

RedhatCVE•added 2026/01/09 10:49 a.m.•23 views

CVE-2022-37190

CuppaCMS 1.0 is vulnerable to Remote Code Execution RCE. An authenticated user can control both parameters action and function from "/api/index.php...

8.8CVSS7.4AI score0.45769EPSS

Exploits1References1

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2020-18678

Malware in sbrugna...

8.8CVSS8.6AI score0.01785EPSS

Exploits0References2

RedhatCVE•added 2025/05/23 1:25 a.m.•18 views

CVE-2022-25486

CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php...

7.8CVSS7.1AI score0.09966EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 12:6 a.m.•5 views

CVE-2022-25497

CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function...

5.3CVSS7.4AI score0.03642EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 12:6 a.m.•6 views

CVE-2022-25498

CuppaCMS v1.0 was discovered to contain a remote code execution RCE vulnerability via the saveConfigData function in /classes/ajax/Functions.php...

9.8CVSS8.3AI score0.02886EPSS

Exploits1References1

RedhatCVE•added 2025/05/23 12:6 a.m.•6 views

CVE-2022-25485

CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php...

7.8CVSS7.1AI score0.07927EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 10:39 p.m.•6 views

CVE-2022-27984

CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menufilter parameter at /administrator/templates/default/html/windows/right.php...

9.8CVSS8.3AI score0.06922EPSS

Exploits1References1

RedhatCVE•added 2025/05/22 10:32 p.m.•5 views

CVE-2022-25495

The component /jqueryfileupload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file...

9.8CVSS7.8AI score0.0204EPSS

Exploits1References1

CNVD•added 2023/09/11 12:0 a.m.•15 views

CuppaCMS Code Execution Vulnerability

CuppaCMS is a content management system CMS. A code execution vulnerability exists in CuppaCMS v1.0, which stems from the emailoutgoing parameter of the /Configuration.php file failing to properly filter the special elements of a constructed snippet. An attacker can exploit this vulnerability to...

7.5CVSS7.8AI score0.01391EPSS

Exploits1Affected Software1

NVD•added 2022/09/13 11:15 p.m.•18 views

CVE-2022-37190

CuppaCMS 1.0 is vulnerable to Remote Code Execution RCE. An authenticated user can control both parameters action and function from "/api/index.php...

8.8CVSS0.45769EPSS

Exploits1References2

Cvelist•added 2022/09/13 10:7 p.m.•16 views

CVE-2022-37191

The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user can read system files via crafted POST request using function parameter value as LFI payload...

6.5AI score0.02427EPSS

Exploits1References2

Positive Technologies•added 2022/09/13 12:0 a.m.•2 views

PT-2022-23865 · Cuppacms · Cuppacms

Name of the Vulnerable Software and Affected Versions: CuppaCMS version 1.0 Description: The issue allows an authenticated user to read system files via a crafted POST request. This is achieved by using the function parameter value as a Local File Inclusion LFI payload in the "cuppa/api/index.php...

6.5CVSS6.4AI score0.02427EPSS

Exploits1References4