CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). An authenticated user can control both parameters (action and function) from “/api/index.php.
View the template here CVE-2022-37190.yaml
echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-37190.yaml
References: