Cuppacms 1.0 Security Vulnerabilities
An issue in Cuppa CMS versions before 31 Jan 2021 allows authenticated attackers to gain escalated privileges via a crafted POST request using the user_group_id_field parameter.
CVSS Score: 8.8, EPSS Score: 0.004, Published: 2021-12-14
The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file with an image extension and then, through a custom request using the rename function provided by the file manager, change the image extension to PHP, resulting in remote arbitrary code execution.
CVSS Score: 8.8, EPSS Score: 0.019, Published: 2020-10-05
CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ajax/functions.php via the reference_id parameter.
CVSS Score: 9.8, EPSS Score: 0.002, Published: 2018-11-26
Stored XSS exists in CuppaCMS through 2018-09-03 via an administrator/#/component/table_manager/view/cu_menus section name.
CVSS Score: 4.8, EPSS Score: 0.003, Published: 2018-09-21

