
23 matches found

Cvelist
added 2026/05/04 12:0 a.m. · 27 views

CVE-2026-38669

wCMS v.1.4 is vulnerable to Cross Site Scripting XSS when creating a new blog...

EPSS: 0.00031
Exploits: 0 · References: 1

RedhatCVE
added 2026/01/09 9:50 a.m. · 7 views

CVE-2020-24137

Directory traversal vulnerability in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the path parameter to wex/cssjs.php...

CVSS: 5.3 · AI score: 6.8 · EPSS: 0.00147
Exploits: 0 · References: 1

EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2020-16875

Malware in sbrugna...

CVSS: 8.3 · AI score: 8.3 · EPSS: 0.00304
Exploits: 1 · References: 3

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2020-16871

Malware in sbrugna...

CVSS: 6.1 · AI score: 6.3 · EPSS: 0.00283
Exploits: 1 · References: 3

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-35984

Malicious code in bioql PyPI...

CVSS: 9.8 · AI score: 9.2 · EPSS: 0.03643
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/27 2:35 p.m. · 7 views

CVE-2025-5149

A vulnerability was found in WCMS up to 8.3.11. It has been declared as critical. Affected by this vulnerability is the function getMemberByUid of the file /index.php?articleadmin/getallcon of the component Login. The manipulation of the argument uid leads to improper authentication. The attack c...

CVSS: 8.1 · AI score: 7 · EPSS: 0.00869
Exploits: 1 · References: 1

NVD
added 2025/05/25 1:15 p.m. · 7 views

CVE-2025-5149

A vulnerability was found in WCMS up to 8.3.11. It has been declared as critical. Affected by this vulnerability is the function getMemberByUid of the file /index.php?articleadmin/getallcon of the component Login. The manipulation of the argument uid leads to improper authentication. The attack c...

CVSS: 8.1 · EPSS: 0.00869
Exploits: 1 · References: 4

Cvelist
added 2025/05/25 1:0 p.m. · 13 views

CVE-2025-5149 WCMS Login getallcon getMemberByUid improper authentication

A vulnerability was found in WCMS up to 8.3.11. It has been declared as critical. Affected by this vulnerability is the function getMemberByUid of the file /index.php?articleadmin/getallcon of the component Login. The manipulation of the argument uid leads to improper authentication. The attack c...

CVSS: 6.3 · EPSS: 0.00869
Exploits: 1 · References: 4

Vulnrichment
added 2025/05/25 1:0 p.m. · 12 views

CVE-2025-5149 WCMS Login getallcon getMemberByUid improper authentication

A vulnerability was found in WCMS up to 8.3.11. It has been declared as critical. Affected by this vulnerability is the function getMemberByUid of the file /index.php?articleadmin/getallcon of the component Login. The manipulation of the argument uid leads to improper authentication. The attack c...

CVSS: 6.3 · AI score: 5.6 · EPSS: 0.00869
Exploits: 1 · References: 4

RedhatCVE
added 2025/05/22 4:31 p.m. · 7 views

CVE-2020-24139

Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify open ports, local network hosts and execute command on local services...

CVSS: 8.3 · AI score: 7 · EPSS: 0.00304
Exploits: 1

RedhatCVE
added 2025/04/26 12:58 a.m. · 5 views

CVE-2025-3799

A vulnerability, which was classified as critical, was found in WCMS 11. Affected is an unknown function of the file app/controllers/AnonymousController.php. The manipulation of the argument email/username leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVSS: 9.8 · AI score: 7.4 · EPSS: 0.00101
Exploits: 1 · References: 1

CVE
added 2025/04/19 11:31 a.m. · 62 views

CVE-2025-3800

CVE-2025-3800 affects WCMS 11, with a SQL injection vulnerability in an unknown functionality of file app/controllers/AnonymousController.php, triggered by manipulating the mobile_phone argument. Attack is remote; exploit has been disclosed publicly. Connected documents corroborate the issue and ...

CVSS: 9.8 · AI score: 7.5 · EPSS: 0.00055
Exploits: 1 · References: 4 · Affected Software: 1

Cvelist
added 2025/04/19 11:31 a.m. · 32 views

CVE-2025-3800 WCMS AnonymousController.php sql injection

A vulnerability has been found in WCMS 11 and classified as critical. Affected by this vulnerability is an unknown functionality of the file app/controllers/AnonymousController.php. The manipulation of the argument mobilephone leads to sql injection. The attack can be launched remotely. The explo...

CVSS: 7.5 · EPSS: 0.00055
Exploits: 1 · References: 4

CVE
added 2025/03/31 5:31 a.m. · 54 views

CVE-2025-2978

CVE-2025-2978 affects WCMS 11; the Article Publishing Page contains a vulnerability in the Upload parameter that allows unrestricted uploads via /index.php?articleadmin/upload/?&CKEditor=container&CKEditorFuncNum=1. Exploitation is remote and the exploit has been disclosed publicly; vendor did no...

CVSS: 9.8 · AI score: 6.9 · EPSS: 0.00236
Exploits: 1 · References: 4 · Affected Software: 1

Vulnrichment
added 2025/03/31 5:31 a.m. · 12 views

CVE-2025-2978 WCMS Article Publishing Page CKEditor unrestricted upload

A vulnerability was found in WCMS 11. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?articleadmin/upload/?&CKEditor=container&CKEditorFuncNum=1 of the component Article Publishing Page. The manipulation of the argument Upload leads to...

CVSS: 6.5 · AI score: 6.4 · EPSS: 0.00236
Exploits: 1 · References: 4

Vulnrichment
added 2023/05/22 12:0 a.m. · 7 views

CVE-2023-31689

In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary strings into custom file names and upload any files, and write malicious code to execute script...

AI score: 9.7 · EPSS: 0.03643
Exploits: 1 · References: 1

Positive Technologies
added 2023/05/22 12:0 a.m. · 3 views

PT-2023-23418 · Wcms · Wcms

Name of the Vulnerable Software and Affected Versions: Wcms version 0.3.2 Description: The issue allows an attacker to send a crafted request from a vulnerable web application backend server via the "finish" parameter and the textAreaCode parameter in the "/wcms/wex/html.php" endpoint. This enabl...

CVSS: 9.8 · AI score: 9.5 · EPSS: 0.03643
Exploits: 1 · References: 4

CNVD
added 2021/04/09 12:0 a.m. · 7 views

Wcms Server-Side Request Forgery Vulnerability

WCMS is a content management system CMS. A server-side request forgery vulnerability exists in Wcms version 0.3.2, where an attacker sends a crafted request/html.php file to wex from the back-end server of a vulnerable web application via the pagename parameter. It can help to identify open ports...

CVSS: 8.3 · AI score: 7 · EPSS: 0.00245
Exploits: 1 · References: 1

CNVD
added 2021/04/08 12:0 a.m. · 5 views

WCMS Cross-Site Scripting Vulnerability

WCMS is a content management system CMS that uses an open web interface to build websites. A cross-site scripting vulnerability exists in WCMS version 0.3.2. The vulnerability can be exploited to inject arbitrary web script and HTML via the pagename parameter of wex/html.php...

CVSS: 6.1 · AI score: 5.9 · EPSS: 0.00283
Exploits: 1 · References: 1

CNVD
added 2021/04/08 12:0 a.m. · 4 views

WCMS Server-Side Request Forgery Vulnerability

WCMS is a content management system CMS that uses an open web interface to build websites. A server-side request forgery vulnerability exists in WCMS version 0.3.2. An attacker can send a specially crafted request from the web application's back-end server via the path parameter of wex/cssjs.php,...

CVSS: 8.3 · AI score: 7 · EPSS: 0.00304
Exploits: 1 · References: 1