RSS   Vulnerabilities for 'Wbce cms'   RSS

2022-05-17
 
CVE-2022-30072

CWE-79
 
 
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via \admin\pages\sections_save.php namesection2 parameters.

 
2022-04-28
 
CVE-2022-28477

CWE-79
 
 
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS).

 
2022-02-24
 
CVE-2022-25099

NVD-CWE-noinfo
 
 
A vulnerability in the component /languages/index.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file.

 
 
CVE-2022-25101

NVD-CWE-noinfo
 
 
A vulnerability in the component /templates/install.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file.

 
2021-12-09
 
CVE-2021-3817

CWE-89
 
 
wbce_cms is vulnerable to Improper Neutralization of Special Elements used in an SQL Command

 
2018-01-25
 
CVE-2018-6313

CWE-79
 
 
Cross-site scripting (XSS) in WBCE CMS 1.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the Modify Page screen, a different issue than CVE-2017-2118.

 
2017-11-16
 
CVE-2017-1000213

CWE-79
 
 
WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=user_search

 
2017-04-28
 
CVE-2017-2120

 
 
SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.

 
 
CVE-2017-2119

 
 
Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors.

 
 
CVE-2017-2118

 
 
Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

 

Copyright 2024, cxsecurity.com

 

Back to Top