Lucene search
+L

306 matches found

Cvelist
Cvelist
added 2024/03/05 12:0 a.m.26 views

CVE-2024-27563

A Server-Side Request Forgery SSRF in the getFileFromRepo function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter...

7.2AI score0.00417EPSS
Exploits1References1
CVE
CVE
added 2024/03/05 12:0 a.m.63 views

CVE-2024-27561

WonderCMS (version 3.1.3) is affected by a Server-Side Request Forgery (SSRF) in the installUpdateThemePluginAction function. The vulnerability allows an attacker to coerce the application into making arbitrary outbound requests by injecting crafted URLs into the installThemePlugin parameter. Pub...

9.1CVSS7.2AI score0.00585EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/03/05 12:0 a.m.11 views

CVE-2024-27561

A Server-Side Request Forgery SSRF in the installUpdateThemePluginAction function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the installThemePlugin parameter...

7.3AI score0.00585EPSS
Exploits1References1
OSV
OSV
added 2024/03/05 12:0 a.m.5 views

CVE-2024-27563

A Server-Side Request Forgery SSRF in the getFileFromRepo function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter...

6.5CVSS7.2AI score0.00417EPSS
Exploits1References3
OSV
OSV
added 2024/03/05 12:0 a.m.8 views

CVE-2024-27561

A Server-Side Request Forgery SSRF in the installUpdateThemePluginAction function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the installThemePlugin parameter...

9.1CVSS7.2AI score0.00585EPSS
Exploits1References3
0day.today
0day.today
added 2024/02/19 12:0 a.m.210 views

Wondercms 4.3.2 - XSS to Remote Code Execute Exploit

Author: prodigiousMind Exploit: Wondercms 4.3.2 XSS to RCE import sys import requests import os import bs4 if lensys.argv4: print"usage: python3 exploit.py loginURL IPAddress Port\nexample: python3 exploit.py http://localhost/wondercms/loginURL 192.168.29.165 5252" else: data = ''' var url =...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2024/02/19 12:0 a.m.270 views

WonderCMS 4.3.2 Cross Site Scripting / Remote Code Execution

Author: prodigiousMind Exploit: Wondercms 4.3.2 XSS to RCE import sys import requests import os import bs4 if lensys.argv4: print"usage: python3 exploit.py loginURL IPAddress Port\nexample: python3 exploit.py http://localhost/wondercms/loginURL 192.168.29.165 5252" else: data = ''' var url =...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2024/02/19 12:0 a.m.390 views

Wondercms 4.3.2 - XSS to RCE

Author: prodigiousMind Exploit: Wondercms 4.3.2 XSS to RCE import sys import requests import os import bs4 if lensys.argv4: print"usage: python3 exploit.py loginURL IPAddress Port\nexample: python3 exploit.py http://localhost/wondercms/loginURL 192.168.29.165 5252" else: data = ''' var url =...

7.4AI score
Exploits0
CNNVD
CNNVD
added 2023/11/07 12:0 a.m.4 views

WonderCMS Security Breach

WonderCMS is an open source PHP-based content management system CMS. A security vulnerability exists in WonderCMS versions v.3.2.0 through v.3.4.2. An attacker can exploit this vulnerability to execute arbitrary code via specially crafted scripts uploaded to the installModule component...

6.1CVSS7.7AI score0.54305EPSS
Exploits16References3
GithubExploit
GithubExploit
added 2023/11/05 3:6 p.m.1151 views

Exploit for Cross-site Scripting in Wondercms

CVE-2023-41425 Description Cross Site Scripting vulnerabil...

6.1CVSS6.4AI score0.54305EPSS
Exploits16
Packet Storm
Packet Storm
added 2023/08/03 12:0 a.m.272 views

WonderCMS 0.6-Beta Remote File Inclusion

==================================================================================================================================== | Title : WonderCMS v0.6-Beta File inclusion Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.332-bit...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2023/07/27 12:0 a.m.271 views

WonderCMS 0.6-Beta Password Disclosure

==================================================================================================================================== | Title : WonderCMS v0.6-Beta Password Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...

7.1AI score
Exploits0
NVD
NVD
added 2022/11/17 11:15 p.m.21 views

CVE-2022-43332

A cross-site scripting XSS vulnerability in Wondercms v3.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Site title field of the Configuration Panel...

6.1CVSS0.00563EPSS
Exploits0References1
Prion
Prion
added 2022/11/17 11:15 p.m.16 views

Cross site scripting

A cross-site scripting XSS vulnerability in Wondercms v3.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Site title field of the Configuration Panel...

5.8CVSS5.9AI score0.00563EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/11/17 12:0 a.m.93 views

CVE-2022-43332

CVE-2022-43332 affects WonderCMS v3.3.4. The vulnerability is a cross-site scripting (XSS) flaw exploitable via the Craft payload injected into the Site title field in the Configuration Panel, allowing execution of arbitrary web scripts/HTML. Notable impact details are that the issue concerns the...

6.1CVSS5.8AI score0.00563EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/11/17 12:0 a.m.4 views

WonderCMS 跨站脚本漏洞

WonderCMS is an open source PHP-based content management system CMS. A security vulnerability exists in WonderCMS version v3.3.4. An attacker can exploit this vulnerability to execute arbitrary web script or HTML...

6.1CVSS6.6AI score0.00563EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/11/17 12:0 a.m.29 views

CVE-2022-43332

A cross-site scripting XSS vulnerability in Wondercms v3.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Site title field of the Configuration Panel...

6AI score0.00563EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2022/11/17 12:0 a.m.11 views

CVE-2022-43332

A cross-site scripting XSS vulnerability in Wondercms v3.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Site title field of the Configuration Panel...

5.9AI score0.00563EPSS
Exploits0References1
OSV
OSV
added 2022/11/17 12:0 a.m.18 views

CVE-2022-43332

A cross-site scripting XSS vulnerability in Wondercms v3.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Site title field of the Configuration Panel...

6.1CVSS5.7AI score0.00563EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/11/11 12:0 a.m.9 views

PT-2022-26855 · Wondercms · Wondercms

Name of the Vulnerable Software and Affected Versions: Wondercms version 3.3.4 Description: A cross-site scripting XSS vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Site title field of the Configuration Panel. Recommendations: For...

6.1CVSS6.1AI score0.00563EPSS
Exploits0References7
Rows per page
Query Builder