34 matches found
CVE-2018-14877
An issue was discovered in WeaselCMS v0.3.5. XSS exists via Site Language, Site Title, Site Description, and Site Keywords on the SETTINGS page...
CVE-2018-14958
An issue was discovered in WeaselCMS v0.3.5. CSRF can update the website settings such as the theme, title, and description via index.php...
EUVD-2018-6840
Malware in sbrugna...
EUVD-2018-8198
Malware in sbrugna...
EUVD-2018-9116
Malware in sbrugna...
EUVD-2018-6759
Malware in sbrugna...
EUVD-2018-6841
Malware in sbrugna...
CVE-2018-14959
An issue was discovered in WeaselCMS v0.3.5. CSRF can create new pages via an index.php?b=pages&a=new URI...
WeaselCMS Cross-Site Scripting Vulnerability (CNVD-2018-20069)
WeaselCMS is a lightweight content management system (CMS) written in PHP. A cross-site scripting vulnerability exists in WeaselCMS version 0.3.6, which stems from the program's failure to properly handle $_SERVER['PHP_SELF'], and can be exploited by remote attackers to inject arbitrary web script or...
Cross site scripting
Multiple XSS vulnerabilities in WeaselCMS v0.3.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php because $_SERVER['PHP_SELF'] is mishandled...
CVE-2018-17361
Multiple XSS vulnerabilities in WeaselCMS v0.3.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php because $_SERVER['PHP_SELF'] is mishandled...
CVE-2018-17361
Multiple XSS vulnerabilities in WeaselCMS v0.3.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php because $_SERVER['PHP_SELF'] is mishandled...
CVE-2018-17361
Multiple XSS vulnerabilities in WeaselCMS v0.3.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php because $_SERVER['PHP_SELF'] is mishandled...
CVE-2018-17361
CVE-2018-17361 affects WeaselCMS v0.3.6 (PHP). Multiple XSS vulnerabilities allow remote attackers to inject arbitrary web script or HTML via PATH_INFO to index.php; root cause is mishandling of $_SERVER['PHP_SELF']. Public exploit details are not provided in the connected documents; no remediati...
CVE-2018-16352
There is a PHP code upload vulnerability in WeaselCMS 0.3.6 via index.php because code can be embedded at the end of a .png file when the image/png content type is used...
CVE-2018-16352
There is a PHP code upload vulnerability in WeaselCMS 0.3.6 via index.php because code can be embedded at the end of a .png file when the image/png content type is used...
Design/Logic Flaw
There is a PHP code upload vulnerability in WeaselCMS 0.3.6 via index.php because code can be embedded at the end of a .png file when the image/png content type is used...
CVE-2018-16352
CVE-2018-16352 affects WeaselCMS 0.3.6. A vulnerability in index.php allows PHP code to be embedded at the end of a .png file when served as image/png, enabling a PHP code upload vulnerability. The CVE is documented across multiple sources (NVD, OSV, CVE lists). The connected documents provide th...
CVE-2018-16352
There is a PHP code upload vulnerability in WeaselCMS 0.3.6 via index.php because code can be embedded at the end of a .png file when the image/png content type is used...
WeaselCMS Cross-Site Request Forgery Vulnerability
WeaselCMS is a lightweight content management system (CMS) written in PHP. A cross-site request forgery vulnerability exists in WeaselCMS version 0.3.5. A remote attacker can exploit this vulnerability to create a new page with index.php?b=pages&a=new URI...