Lucene search

K

Wowonder Security Vulnerabilities

cve
cve

CVE-2022-42984

WoWonder Social Network Platform 4.1.4 was discovered to contain a SQL injection vulnerability via the offset parameter at...

9.8CVSS

9.8AI Score

0.002EPSS

2022-11-15 12:15 AM
68
9
cve
cve

CVE-2022-40405

WoWonder Social Network Platform v4.1.2 was discovered to contain a SQL injection vulnerability via the offset parameter at...

7.5CVSS

7.8AI Score

0.001EPSS

2022-11-15 12:15 AM
40
8
cve
cve

CVE-2022-1753

A vulnerability, which was classified as critical, was found in WoWonder. Affected is the file /requests.php which is responsible to handle group messages. The manipulation of the argument group_id allows posting messages in other groups. It is possible to launch the attack remotely but it might...

5.4CVSS

4.7AI Score

0.001EPSS

2022-05-17 06:15 AM
47
7
cve
cve

CVE-2022-26254

WoWonder The Ultimate PHP Social Network Platform v4.0.0 was discovered to contain an access control issue which allows unauthenticated attackers to arbitrarily change group ID...

5.3CVSS

5.5AI Score

0.001EPSS

2022-03-27 05:15 PM
46
cve
cve

CVE-2021-27200

In WoWonder 3.0.4, remote attackers can take over any account due to the weak cryptographic algorithm in recover.php. The code parameter is easily predicted from the time of...

9.8CVSS

9.4AI Score

0.064EPSS

2021-06-11 06:15 PM
32
8
cve
cve

CVE-2021-26935

In WoWonder < 3.1, remote attackers can gain access to the database by exploiting a requests.php?f=search-my-followers SQL Injection vulnerability via the event_id...

7.5CVSS

7.9AI Score

0.006EPSS

2021-03-18 03:15 PM
24
2