Cuppa CMS · CVE-2021-3376
Name of the Vulnerable Software and Affected Versions:
Cuppa CMS versions prior to 31 Jan 2021
Description:
The issue allows authenticated attackers to gain escalated privileges via a crafted POST request using the `user group id field` parameter.
Recommendations:
For Cuppa CMS versions prior to 31 Jan 2021, consider restricting access to the `user group id field` parameter in POST requests until a fix is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.