Vulnerabilities for 'WCMS'

2021-04-07
 
CVE-2020-24140

CWE-918
 

 
Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. It can help identify open ports and local network hosts, and execute commands on local services.

 
 
CVE-2020-24139

CWE-918
 

 
Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify open ports and local network hosts, and execute commands on local services.

 
 
CVE-2020-24137

CWE-22
 

 
Directory traversal vulnerability in Wcms 0.3.2 allows an attacker to read arbitrary files on the server running the application via the path parameter to wex/cssjs.php.

 
 
CVE-2020-24135

CWE-79
 

 
A reflected cross-site scripting (XSS) vulnerability was discovered in Wcms 0.3.2, which allows remote attackers to inject arbitrary web script and HTML via the type parameter to wex/cssjs.php.

 
 
CVE-2020-24138

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in Wcms 0.3.2 allows remote attackers to inject arbitrary web script and HTML via the pagename parameter to wex/html.php.

 
 
CVE-2020-24136

CWE-22
 

 
Directory traversal in Wcms 0.3.2 allows an attacker to read arbitrary files on the server running the application via the pagename parameter to wex/html.php.

 
2019-07-23
 
CVE-2019-14240

CWE-352
 

 
WCMS v0.3.2 has a CSRF vulnerability, with resultant directory traversal, to modify index.html via the /wex/html.php?finish=../index.html URI.

 
2019-04-20
 
CVE-2019-11377

CWE-434
 

 
wcms/wex/finder/action.php in WCMS v0.3.2 has an arbitrary file upload vulnerability via developer/finder because .php is a valid extension according to the fm_get_text_exts function.

 


Copyright 2024, cxsecurity.com

 
