Webedition CMS v2.9.8.8 - Stored XSS

Exploit Title: Webedition CMS v2.9.8.8 - Stored XSS Application: Webedition CMS Version: v2.9.8.8 Bugs: Stored Xss Technology: PHP Vendor URL: https://www.webedition.org/ Software Link: https://download.webedition.org/releases/OnlineInstaller.tgz?p=1 Date of found: 03.08.2023 Author: Mirabbas...

Webedition CMS 2.9.8.8 Remote Code Execution

Exploit Title: Webedition CMS v2.9.8.8 - Remote Code Execution RCE Application: webedition Cms Version: v2.9.8.8 Bugs: RCE Technology: PHP Vendor URL: https://www.webedition.org/ Software Link: https://download.webedition.org/releases/OnlineInstaller.tgz?p=1 Date of found: 03.08.2023 Author:...

Webedition CMS 2.9.8.8 Cross Site Scripting

Exploit Title: Webedition CMS v2.9.8.8 - Stored XSS Application: Webedition CMS Version: v2.9.8.8 Bugs: Stored Xss Technology: PHP Vendor URL: https://www.webedition.org/ Software Link: https://download.webedition.org/releases/OnlineInstaller.tgz?p=1 Date of found: 03.08.2023 Author: Mirabbas...

Webedition CMS v2.9.8.8 - Remote Code Execution (RCE)

Exploit Title: Webedition CMS v2.9.8.8 - Remote Code Execution RCE Application: webedition Cms Version: v2.9.8.8 Bugs: RCE Technology: PHP Vendor URL: https://www.webedition.org/ Software Link: https://download.webedition.org/releases/OnlineInstaller.tgz?p=1 Date of found: 03.08.2023 Author:...

webEdition CMS Detection (HTTP)

HTTP based detection of webEdition CMS. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.147973";...

Design/Logic Flaw

The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x before 6.3.8-s1 allows remote attackers to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org...

CVE-2014-2302

The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x before 6.3.8-s1 allows remote attackers to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org...

CVE-2014-2302

The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x before 6.3.8-s1 allows remote attackers to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org...

CVE-2014-2302

The CVE-2014-2302 entry is substantiated by multiple connected documents: webEdition CMS installer/online installer vulnerability leading to remote command execution via PHP object injection when the installer communicates with update.webedition.org. Affected versions include webEdition CMS befor...

CVE-2014-5258

Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. dot dot in the file parameter...

Directory traversal

Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. dot dot in the file parameter...

CVE-2014-5258

Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. dot dot in the file parameter...

CVE-2014-5258

CVE-2014-5258 affects webEdition CMS (pre-6.3.9.0 Beta) where showTempFile.php is vulnerable to directory traversal via the file parameter. The flaw allows remote authenticated users to read arbitrary server files by crafting ../ sequences. Public sources (HTB HTB23227 advisory and CVE entries) c...

Path Traversal in webEdition

Advisory ID: HTB23227 Product: webEdition Vendor: webEdition e.V. Vulnerable Versions: 6.3.8.0 SVN-Revision: 6985 and probably prior Tested Version: 6.3.8.0 SVN-Revision: 6985 Advisory Publication: August 6, 2014 without technical details Vendor Notification: August 6, 2014 Vendor Patch: Septembe...

webEdition 6.3.8.0 (SVN-Revision: 6985) - Path Traversal

No description provided by source. Advisory ID: HTB23227 Product: webEdition Vendor: webEdition e.V. Vulnerable Versions: 6.3.8.0 SVN-Revision: 6985 and probably prior Tested Version: 6.3.8.0 SVN-Revision: 6985 Advisory Publication: August 6, 2014 without technical details Vendor Notification:...

webEdition 6.3.8.0 (SVN-Revision: 6985) - Directory Traversal

webEdition 6.3.8.0 SVN-Revision: 6985 - Directory Traversal Advisory ID: HTB23227 Product: webEdition Vendor: webEdition e.V. Vulnerable Versions: 6.3.8.0 SVN-Revision: 6985 and probably prior Tested Version: 6.3.8.0 SVN-Revision: 6985 Advisory Publication: August 6, 2014 without technical detail...

webEdition 6.3.8.0 (SVN-Revision: 6985) - Directory Traversal

Advisory ID: HTB23227 Product: webEdition Vendor: webEdition e.V. Vulnerable Versions: 6.3.8.0 SVN-Revision: 6985 and probably prior Tested Version: 6.3.8.0 SVN-Revision: 6985 Advisory Publication: August 6, 2014 without technical details Vendor Notification: August 6, 2014 Vendor Patch: Septembe...

webEdition 6.3.8.0 Path Traversal Vulnerability

webEdition version 6.3.8.0 suffers from a path traversal vulnerability. Vendor: webEdition e.V. Vulnerable Versions: 6.3.8.0 SVN-Revision: 6985 and probably prior Tested Version: 6.3.8.0 SVN-Revision: 6985 Advisory Publication: August 6, 2014 without technical details Vendor Notification: August ...

webEdition 6.3.8.0 Path Traversal

Advisory ID: HTB23227 Product: webEdition Vendor: webEdition e.V. Vulnerable Versions: 6.3.8.0 SVN-Revision: 6985 and probably prior Tested Version: 6.3.8.0 SVN-Revision: 6985 Advisory Publication: August 6, 2014 without technical details Vendor Notification: August 6, 2014 Vendor Patch: Septembe...

Path Traversal in webEdition

High-Tech Bridge Security Research Lab discovered vulnerability in webEdition, which can be exploited to read arbitrary files on the target system. 1 Path Traversal in webEdition: CVE-2014-5258 The vulnerability exists due to insufficient sanitization of the "file" HTTP GET parameter in...