CVE-2022-38296

CRITICAL EXPLOITED NUCLEI

Cuppa CMS v1.0 - File Upload

Title source: llm

Description

Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager.

Nuclei Templates (1)

Cuppa CMS v1.0 - Arbitrary File Upload
CRITICALVERIFIEDby theamanrawat

References (1)

Scores

CVSS v3 9.8
EPSS 0.8062
EPSS Percentile 99.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2026-03-07
CWE
CWE-434
Status published
Products (1)
cuppacms/cuppacms 1.0
Published Sep 12, 2022
Tracked Since Feb 18, 2026