Skip to main content

Cuppacms

20 CVEs product

Monthly

CVE-2023-47990 CRITICAL POC Act Now

SQL Injection vulnerability in components/table_manager/html/edit_admin_table.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cuppacms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-39681 CRITICAL POC Act Now

Cuppa CMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the email_outgoing parameter at /Configuration.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Cuppacms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2022-37191 MEDIUM POC This Month

The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Cuppacms
NVD GitHub
CVSS 3.1
6.5
EPSS
2.5%
CVE-2022-37190 HIGH POC THREAT This Week

CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Cuppacms
NVD GitHub
CVSS 3.1
8.8
EPSS
45.8%
CVE-2022-38296 CRITICAL POC Act Now

Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Cuppacms
NVD GitHub
CVSS 3.1
9.8
EPSS
3.9%
CVE-2022-38295 MEDIUM POC This Month

Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager/view/cu_user_groups. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cuppacms
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2022-34121 HIGH POC This Week

Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the component /templates/default/html/windows/right.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure PHP Cuppacms
NVD GitHub
CVSS 3.1
7.5
EPSS
3.1%
CVE-2022-27985 CRITICAL POC Act Now

CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cuppacms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
6.9%
CVE-2022-27984 CRITICAL POC Act Now

CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Microsoft PHP Cuppacms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
6.9%
CVE-2022-25498 CRITICAL POC Act Now

CuppaCMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the saveConfigData function in /classes/ajax/Functions.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Code Injection Cuppacms
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2022-25497 MEDIUM POC This Month

CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Cuppacms
NVD GitHub
CVSS 3.1
5.3
EPSS
3.6%
CVE-2022-25495 CRITICAL POC Act Now

The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload Cuppacms
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2022-25486 HIGH POC This Week

CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Cuppacms
NVD GitHub
CVSS 3.1
7.8
EPSS
10.0%
CVE-2022-25485 HIGH POC This Week

CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Cuppacms
NVD GitHub
CVSS 3.1
7.8
EPSS
7.9%
CVE-2022-25401 HIGH POC This Week

The copy function of the file manager in Cuppa CMS v1.0 allows any file to be copied to the current directory, granting attackers read access to arbitrary files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cuppacms
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2021-3376 HIGH POC This Week

An issue was discovered in Cuppa CMS Versions Before 31 Jan 2021 allows authenticated attackers to gain escalated privileges via a crafted POST request using the user_group_id_field parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Cuppacms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2020-26048 HIGH This Week

The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file within an image extension and through a custom request using the rename function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE PHP Cuppacms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2018-19918 MEDIUM POC This Month

CuppaCMS has XSS via an SVG document uploaded to the administrator/#/component/table_manager/view/cu_views URI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cuppacms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2018-19559 CRITICAL POC Act Now

CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ajax/functions.php via the reference_id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Cuppacms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.0%
CVE-2018-17300 MEDIUM POC This Month

Stored XSS exists in CuppaCMS through 2018-09-03 via an administrator/#/component/table_manager/view/cu_menus section name. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cuppacms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

SQL Injection vulnerability in components/table_manager/html/edit_admin_table.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cuppacms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Cuppa CMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the email_outgoing parameter at /Configuration.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP +1
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM POC This Month

The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Cuppacms
NVD GitHub
EPSS 46% CVSS 8.8
HIGH POC THREAT This Week

CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Cuppacms
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Cuppacms
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager/view/cu_user_groups. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cuppacms
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC This Week

Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the component /templates/default/html/windows/right.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure PHP +1
NVD GitHub
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via /administrator/alerts/alertLightbox.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cuppacms
NVD GitHub VulDB
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

CuppaCMS v1.0 was discovered to contain a SQL injection vulnerability via the menu_filter parameter at /administrator/templates/default/html/windows/right.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Microsoft PHP +1
NVD GitHub VulDB
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

CuppaCMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the saveConfigData function in /classes/ajax/Functions.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Code Injection +1
NVD GitHub
EPSS 4% CVSS 5.3
MEDIUM POC This Month

CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Cuppacms
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE File Upload +1
NVD GitHub
EPSS 10% CVSS 7.8
HIGH POC This Week

CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Cuppacms
NVD GitHub
EPSS 8% CVSS 7.8
HIGH POC This Week

CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Cuppacms
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

The copy function of the file manager in Cuppa CMS v1.0 allows any file to be copied to the current directory, granting attackers read access to arbitrary files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cuppacms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

An issue was discovered in Cuppa CMS Versions Before 31 Jan 2021 allows authenticated attackers to gain escalated privileges via a crafted POST request using the user_group_id_field parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Cuppacms
NVD GitHub
EPSS 2% CVSS 8.8
HIGH This Week

The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file within an image extension and through a custom request using the rename function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE PHP +1
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

CuppaCMS has XSS via an SVG document uploaded to the administrator/#/component/table_manager/view/cu_views URI. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cuppacms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

CuppaCMS before 2018-11-12 has SQL Injection in administrator/classes/ajax/functions.php via the reference_id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Cuppacms
NVD GitHub
EPSS 1% CVSS 4.8
MEDIUM POC This Month

Stored XSS exists in CuppaCMS through 2018-09-03 via an administrator/#/component/table_manager/view/cu_menus section name. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cuppacms
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy