CuppaCMS v1.0 exists to contain a remote code execution (RCE) vulnerability via the saveConfigData function in /classes/ajax/Functions.php.
cuppacms cuppacms 1.0