Cuppacms: >> Cuppacms >> 2016-11-05 Security Vulnerabilities
Session fixation vulnerability in CuppaCMS thru commit 4c9b742b23b924cf4c1f943f48b278e06a17e297 on November 12, 2019 allows attackers to gain access to arbitrary user sessions.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-01-20
The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file within an image extension and through a custom request using the rename function provided by the file manager is able to modify the image extension into PHP resulting in remote arbitrary code execution.
CVSS Score
8.8
EPSS Score
0.019
Published
2020-10-05
CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ajax/functions.php via the reference_id parameter.
CVSS Score
9.8
EPSS Score
0.002
Published
2018-11-26
Stored XSS exists in CuppaCMS through 2018-09-03 via an administrator/#/component/table_manager/view/cu_menus section name.
CVSS Score
4.8
EPSS Score
0.003
Published
2018-09-21