306 matches found
CVE-2024-27563
A Server-Side Request Forgery SSRF in the getFileFromRepo function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter...
CVE-2024-27561
WonderCMS (version 3.1.3) is affected by a Server-Side Request Forgery (SSRF) in the installUpdateThemePluginAction function. The vulnerability allows an attacker to coerce the application into making arbitrary outbound requests by injecting crafted URLs into the installThemePlugin parameter. Pub...
CVE-2024-27561
A Server-Side Request Forgery SSRF in the installUpdateThemePluginAction function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the installThemePlugin parameter...
CVE-2024-27563
A Server-Side Request Forgery SSRF in the getFileFromRepo function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter...
CVE-2024-27561
A Server-Side Request Forgery SSRF in the installUpdateThemePluginAction function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the installThemePlugin parameter...
Wondercms 4.3.2 - XSS to Remote Code Execute Exploit
Author: prodigiousMind Exploit: Wondercms 4.3.2 XSS to RCE import sys import requests import os import bs4 if lensys.argv4: print"usage: python3 exploit.py loginURL IPAddress Port\nexample: python3 exploit.py http://localhost/wondercms/loginURL 192.168.29.165 5252" else: data = ''' var url =...
WonderCMS 4.3.2 Cross Site Scripting / Remote Code Execution
Author: prodigiousMind Exploit: Wondercms 4.3.2 XSS to RCE import sys import requests import os import bs4 if lensys.argv4: print"usage: python3 exploit.py loginURL IPAddress Port\nexample: python3 exploit.py http://localhost/wondercms/loginURL 192.168.29.165 5252" else: data = ''' var url =...
Wondercms 4.3.2 - XSS to RCE
Author: prodigiousMind Exploit: Wondercms 4.3.2 XSS to RCE import sys import requests import os import bs4 if lensys.argv4: print"usage: python3 exploit.py loginURL IPAddress Port\nexample: python3 exploit.py http://localhost/wondercms/loginURL 192.168.29.165 5252" else: data = ''' var url =...
WonderCMS Security Breach
WonderCMS is an open source PHP-based content management system CMS. A security vulnerability exists in WonderCMS versions v.3.2.0 through v.3.4.2. An attacker can exploit this vulnerability to execute arbitrary code via specially crafted scripts uploaded to the installModule component...
Exploit for Cross-site Scripting in Wondercms
CVE-2023-41425 Description Cross Site Scripting vulnerabil...
WonderCMS 0.6-Beta Remote File Inclusion
==================================================================================================================================== | Title : WonderCMS v0.6-Beta File inclusion Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 66.0.332-bit...
WonderCMS 0.6-Beta Password Disclosure
==================================================================================================================================== | Title : WonderCMS v0.6-Beta Password Disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox...
CVE-2022-43332
A cross-site scripting XSS vulnerability in Wondercms v3.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Site title field of the Configuration Panel...
Cross site scripting
A cross-site scripting XSS vulnerability in Wondercms v3.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Site title field of the Configuration Panel...
CVE-2022-43332
CVE-2022-43332 affects WonderCMS v3.3.4. The vulnerability is a cross-site scripting (XSS) flaw exploitable via the Craft payload injected into the Site title field in the Configuration Panel, allowing execution of arbitrary web scripts/HTML. Notable impact details are that the issue concerns the...
WonderCMS 跨站脚本漏洞
WonderCMS is an open source PHP-based content management system CMS. A security vulnerability exists in WonderCMS version v3.3.4. An attacker can exploit this vulnerability to execute arbitrary web script or HTML...
CVE-2022-43332
A cross-site scripting XSS vulnerability in Wondercms v3.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Site title field of the Configuration Panel...
CVE-2022-43332
A cross-site scripting XSS vulnerability in Wondercms v3.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Site title field of the Configuration Panel...
CVE-2022-43332
A cross-site scripting XSS vulnerability in Wondercms v3.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Site title field of the Configuration Panel...
PT-2022-26855 · Wondercms · Wondercms
Name of the Vulnerable Software and Affected Versions: Wondercms version 3.3.4 Description: A cross-site scripting XSS vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Site title field of the Configuration Panel. Recommendations: For...