Show filters
25 Total Results
Displaying 11-20 of 25
Sort by:
Attacker Value
Unknown

CVE-2022-25498

Disclosure Date: March 15, 2022 (last updated February 23, 2025)
CuppaCMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the saveConfigData function in /classes/ajax/Functions.php.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-25497

Disclosure Date: March 15, 2022 (last updated February 23, 2025)
CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-25495

Disclosure Date: March 15, 2022 (last updated February 23, 2025)
The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-25485

Disclosure Date: March 15, 2022 (last updated February 23, 2025)
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php.
Attack Vector: LocalPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-25486

Disclosure Date: March 15, 2022 (last updated February 23, 2025)
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php.
Attack Vector: LocalPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-25401

Disclosure Date: February 24, 2022 (last updated October 07, 2023)
The copy function of the file manager in Cuppa CMS v1.0 allows any file to be copied to the current directory, granting attackers read access to arbitrary files.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-24647

Disclosure Date: February 10, 2022 (last updated February 23, 2025)
Cuppa CMS v1.0 was discovered to contain an arbitrary file deletion vulnerability via the unlink() function.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-24266

Disclosure Date: January 31, 2022 (last updated February 23, 2025)
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the order_by parameter.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-24265

Disclosure Date: January 31, 2022 (last updated February 23, 2025)
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/menu/ via the path=component/menu/&menu_filter=3 parameter.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-24264

Disclosure Date: January 31, 2022 (last updated February 23, 2025)
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the search_word parameter.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
View More Topics  < Previous  Next >