Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cuppacms cuppacms 1.0 vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2022-25486
CuppaCMS v1.0 exists to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php.
Cuppacms Cuppacms 1.0
9.8
CVSSv3
CVE-2022-25495
The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows malicious users to upload arbitrary files and execute arbitrary code via a crafted PHP file.
Cuppacms Cuppacms 1.0
5.3
CVSSv3
CVE-2022-25497
CuppaCMS v1.0 exists to contain an arbitrary file read via the copy function.
Cuppacms Cuppacms 1.0
9.8
CVSSv3
CVE-2022-25498
CuppaCMS v1.0 exists to contain a remote code execution (RCE) vulnerability via the saveConfigData function in /classes/ajax/Functions.php.
Cuppacms Cuppacms 1.0
7.5
CVSSv3
CVE-2022-24264
Cuppa CMS v1.0 exists to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the search_word parameter.
Cuppacms Cuppacms 1.0
7.5
CVSSv3
CVE-2022-24265
Cuppa CMS v1.0 exists to contain a SQL injection vulnerability in /administrator/components/menu/ via the path=component/menu/&menu_filter=3 parameter.
Cuppacms Cuppacms 1.0
7.5
CVSSv3
CVE-2022-24266
Cuppa CMS v1.0 exists to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the order_by parameter.
Cuppacms Cuppacms 1.0
8.8
CVSSv3
CVE-2022-37190
CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). An authenticated user can control both parameters (action and function) from "/api/index.php.
Cuppacms Cuppacms 1.0
6.5
CVSSv3
CVE-2022-37191
The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user can read system files via crafted POST request using [function] parameter value as LFI payload.
Cuppacms Cuppacms 1.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2