CVE-2022-37190
Summary
CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). An authenticated user can control both parameters (action and function) from "/api/index.php.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- LOW
- HIGH
- HIGH
References
Advisory Timeline
- Published