Filtered by vendor Cuppacms
Subscriptions
Total
25 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-24265 | 1 Cuppacms | 1 Cuppacms | 2022-02-03 | 7.5 High |
| Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/menu/ via the path=component/menu/&menu_filter=3 parameter. | ||||
| CVE-2022-24264 | 1 Cuppacms | 1 Cuppacms | 2022-02-03 | 7.5 High |
| Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the search_word parameter. | ||||
| CVE-2020-26048 | 1 Cuppacms | 1 Cuppacms | 2020-10-14 | 8.8 High |
| The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file within an image extension and through a custom request using the rename function provided by the file manager is able to modify the image extension into PHP resulting in remote arbitrary code execution. | ||||
| CVE-2018-17300 | 1 Cuppacms | 1 Cuppacms | 2019-09-16 | 4.8 Medium |
| Stored XSS exists in CuppaCMS through 2018-09-03 via an administrator/#/component/table_manager/view/cu_menus section name. | ||||
| CVE-2018-19918 | 1 Cuppacms | 1 Cuppacms | 2019-02-25 | N/A |
| CuppaCMS has XSS via an SVG document uploaded to the administrator/#/component/table_manager/view/cu_views URI. | ||||