Lucene search

Webedition Cms Security Vulnerabilities

cve

CVE-2008-4154

SQL injection vulnerability in living-e webEdition CMS allows remote attackers to execute arbitrary SQL commands via the we_objectID parameter.

8.4AI Score

0.001EPSS

2008-09-19 11:00 PM

cve

CVE-2014-2302

The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x before 6.3.8-s1 allows remote attackers to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org.

9.8CVSS

9.4AI Score

0.016EPSS

2018-07-19 05:29 PM

cve

CVE-2014-2303

Multiple SQL injection vulnerabilities in the file browser component (we_fs.php) in webEdition CMS before 6.2.7-s1.2 and 6.3.x through 6.3.8 before -s1 allow remote attackers to execute arbitrary SQL commands via the (1) table or (2) order parameter.

8.7AI Score

0.003EPSS

2014-06-13 02:55 PM

cve

CVE-2014-5258

Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.

6.1AI Score

0.014EPSS

2014-11-06 06:55 PM