Cuppacms: >> Cuppacms Security Vulnerabilities
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php.
CVSS Score
7.8
EPSS Score
0.476
Published
2022-03-15
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php.
CVSS Score
7.8
EPSS Score
0.746
Published
2022-03-15
The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file.
CVSS Score
9.8
EPSS Score
0.029
Published
2022-03-15
CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function.
CVSS Score
5.3
EPSS Score
0.222
Published
2022-03-15
CuppaCMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the saveConfigData function in /classes/ajax/Functions.php.
CVSS Score
9.8
EPSS Score
0.115
Published
2022-03-15
The copy function of the file manager in Cuppa CMS v1.0 allows any file to be copied to the current directory, granting attackers read access to arbitrary files.
CVSS Score
7.5
EPSS Score
0.067
Published
2022-02-24
Cuppa CMS v1.0 was discovered to contain an arbitrary file deletion vulnerability via the unlink() function.
CVSS Score
8.1
EPSS Score
0.004
Published
2022-02-10
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the search_word parameter.
CVSS Score
7.5
EPSS Score
0.578
Published
2022-01-31
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/menu/ via the path=component/menu/&menu_filter=3 parameter.
CVSS Score
7.5
EPSS Score
0.554
Published
2022-01-31
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the order_by parameter.
CVSS Score
7.5
EPSS Score
0.536
Published
2022-01-31