306 matches found
PT-2018-5678 · Wondercms · Wondercms
Name of the Vulnerable Software and Affected Versions: WonderCMS version 2.3.1 Description: The application's input fields accept arbitrary user input, resulting in the execution of malicious JavaScript. It is noted that the vendor disputes this issue, stating it is a feature that enables only a...
WonderCMS Cross-Site Request Forgery Vulnerability
WonderCMS is a PHP-based content management system. A cross-site request forgery vulnerability exists in WonderCMS. A remote attacker can exploit this vulnerability to perform unauthorized operations with null values or malformed command identifiers...
WonderCMS 2.1.0 Cross Site Request Forgery
document.forms0.submit; !-- Disclosure Timeline: --------------------- 2017-06-16: Vulnerability found. 2017-06-17: Reported to vendor. 2017-06-17: Vendor responded and send a new version for test in it. 2017-06-17: Test new version and vulernability patched successfully. 2017-06-18: Vendor...
WonderCMS 2.1.0 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications document.forms0.submit; !-- Disclosure Timeline: --------------------- 2017-06-16: Vulnerability found. 2017-06-17: Reported to vendor. 2017-06-17: Vendor responded and send a new version for test in it. 2017-06-17: Test new version and...
WonderCMS 2.1.0 - Cross-Site Request Forgery
document.forms0.submit; !-- Disclosure Timeline: --------------------- 2017-06-16: Vulnerability found. 2017-06-17: Reported to vendor. 2017-06-17: Vendor responded and send a new version for test in it. 2017-06-17: Test new version and vulernability patched successfully. 2017-06-18: Vendor...
WonderCMS 2.1.0 - Cross-Site Request Forgery
WonderCMS 2.1.0 - Cross-Site Request Forgery document.forms0.submit; !-- Disclosure Timeline: --------------------- 2017-06-16: Vulnerability found. 2017-06-17: Reported to vendor. 2017-06-17: Vendor responded and send a new version for test in it. 2017-06-17: Test new version and vulernability...
CVE-2017-7951
WonderCMS before 2.0.3 has CSRF because of lack of a token in an unspecified context...
Cross site request forgery (csrf)
WonderCMS before 2.0.3 has CSRF because of lack of a token in an unspecified context...
CVE-2017-7951
WonderCMS before 2.0.3 has CSRF because of lack of a token in an unspecified context...
CVE-2017-7951
WonderCMS before 2.0.3 has CSRF because of lack of a token in an unspecified context...
CVE-2017-7951
CVE-2017-7951 affects WonderCMS prior to version 2.0.3. The vulnerability is a CSRF due to lack of a token in an unspecified context, as described in NVD and corroborated by multiple sources. The primary affected component is WonderCMS’s request handling where a missing anti-CSRF token enables CS...
WonderCMS 0.9.8 Cross Site Scripting
============================================= MGC ALERT 2016-006 - Original release date: Nov 16, 2016 - Last revised: Nov 21, 2016 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score ============================================= I. VULNERABILITY -------------------------...
Multiple Vulnerabilities in WonderCMS
WonderCMS is a PHP-based content management system. WonderCMS suffers from local file inclusion, information disclosure, and directory traversal vulnerabilities. An attacker could exploit these vulnerabilities to execute arbitrary local scripts and retrieve contextually arbitrary files from an...
Wonder CMS 0.6-Beta File Inclusion / Traversal / Disclosure Vulnerabilities
Wonder CMS version 0.6-Beta suffers from inclusion, password disclosure, and directory traversal vulnerabilities. | Title : WonderCMS 0.6-Beta Multi Vulnerability | Author : indoushka | email : email protected | Dork : ©2015 Your website | Powered by WonderCMS | Login | Tested on: windows 8.1...
Wonder CMS 0.6-Beta File Inclusion / Traversal / Disclosure
| Title : WonderCMS 0.6-Beta Multi Vulnerability | Author : indoushka | email : [email protected] | Dork : ©2015 Your website | Powered by WonderCMS | Login | Tested on: windows 8.1 Français V.Pro | Download : http://wondercms.com/ ======================================= File inclusion :...
CVE-2011-5317
Cross-site scripting XSS vulnerability in editText.php in WonderCMS before 0.4 allows remote attackers to inject arbitrary web script or HTML via the content parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in editText.php in WonderCMS before 0.4 allows remote attackers to inject arbitrary web script or HTML via the content parameter...
CVE-2011-5317
The CVE-2011-5317 entry describes an XSS vulnerability in WonderCMS prior to version 0.4, exploitable through the content parameter in editText.php. Affected software: WonderCMS (pre-0.4); vulnerable component: editText.php. Root cause: cross-site scripting via unescaped content input. Impact: al...
CVE-2011-5317
Cross-site scripting XSS vulnerability in editText.php in WonderCMS before 0.4 allows remote attackers to inject arbitrary web script or HTML via the content parameter...
XSS vulnerability in WonderCMS
Vulnerability ID: HTB22759 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinwondercms.html Product: WonderCMS Vendor: Robert Isoski http://krneky.com/en/wondercms Vulnerable Version: 0.3.3 and probably prior versions Vendor Notification: 21 December 2010 Vulnerability Type: XSS Cross...