Vulnerabilities for 'Cuppacms'

2022-03-15
 
CVE-2022-25485

CWE-829
 

 
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php.

 
 
CVE-2022-25486

CWE-829
 

 
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php.

 
 
CVE-2022-25495

CWE-434
 

 
The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file.

 
 
CVE-2022-25497

CWE-552
 

 
CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function.

 
 
CVE-2022-25498

CWE-20
 

 
CuppaCMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the saveConfigData function in /classes/ajax/Functions.php.

 
2022-02-24
 
CVE-2022-25401

NVD-CWE-noinfo
 

 
The copy function of the file manager in Cuppa CMS v1.0 allows any file to be copied to the current directory, granting attackers read access to arbitrary files.

 
2022-02-10
 
CVE-2022-24647

CWE-22
 

 
Cuppa CMS v1.0 was discovered to contain an arbitrary file deletion vulnerability via the unlink() function.

 
2022-01-31
 
CVE-2022-24264

CWE-89
 

 
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the search_word parameter.

 
 
CVE-2022-24265

CWE-89
 

 
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/menu/ via the path=component/menu/&menu_filter=3 parameter.

 
 
CVE-2022-24266

CWE-89
 

 
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the order_by parameter.

 


Copyright 2022, cxsecurity.com

 
