📦 Cuppacms

This CVE describes a SQL injection vulnerability in CuppaCMS V1.0, specifically in the edit_admin_table.php component. Attackers can execute arbitrary SQL commands via the 'table' parameter, potential...

Cuppa CMS v1.0 contains a critical remote code execution vulnerability in the email_outgoing parameter at /Configuration.php. Attackers can execute arbitrary code on affected systems by sending a craf...

CVE-2022-27984 is a critical SQL injection vulnerability in CuppaCMS v1.0 that allows attackers to execute arbitrary SQL commands via the menu_filter parameter. This affects all installations of Cuppa...

CVE-2022-25498 is a critical remote code execution vulnerability in CuppaCMS v1.0 that allows attackers to execute arbitrary code on affected systems via the saveConfigData function. This affects all ...

CVE-2022-34121 is a local file inclusion vulnerability in Cuppa CMS v1.0 that allows attackers to read arbitrary files on the server via the /templates/default/html/windows/right.php component. This a...

CVE-2022-25485 is a local file inclusion vulnerability in CuppaCMS v1.0 that allows attackers to read arbitrary files on the server via the url parameter in /alerts/alertLightbox.php. This affects all...

This vulnerability in Cuppa CMS v1.0 allows attackers to copy arbitrary files to the current directory via the file manager's copy function, enabling unauthorized read access to sensitive files. Any s...

CVE-2022-24265 is a SQL injection vulnerability in Cuppa CMS v1.0 that allows attackers to execute arbitrary SQL commands via the menu_filter parameter. This affects all installations of Cuppa CMS v1....

CVE-2021-3376 is a privilege escalation vulnerability in Cuppa CMS that allows authenticated attackers to elevate their privileges via a crafted POST request. This affects all Cuppa CMS installations ...