CVE-2022-37190

HIGH NUCLEI

Cuppacms - Remote Code Execution

Title source: rule

Description

CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). An authenticated user can control both parameters (action and function) from "/api/index.php.

Nuclei Templates (1)

Cuppa CMS v1.0 - Remote Code Execution
HIGHVERIFIEDby theamanrawat

References (2)

Scores

CVSS v3 8.8
EPSS 0.8541
EPSS Percentile 99.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (1)
cuppacms/cuppacms 1.0
Published Sep 13, 2022
Tracked Since Feb 18, 2026