
6 matches found

CNNVD
added 2023/06/27 12:0 a.m. · 3 views

WCMS Path Traversal Vulnerability

WCMS is a content management system (CMS). A security vulnerability exists in WCMS version v.0.3.2. An attacker can exploit the vulnerability to execute arbitrary code via the wex/cssjs.php parameter...

9.8 CVSS · 8.9 AI score · 0.04697 EPSS
Exploits: 1 · References: 2
Positive Technologies
added 2023/06/27 12:0 a.m. · 3 views

PT-2023-11540 · Unknown · Cryptoprof Wcms

Name of the Vulnerable Software and Affected Versions: Cryptoprof WCMS version 0.3.2 Description: A Directory Traversal issue allows a remote attacker to execute arbitrary code via the wex/cssjs.php parameter. Recommendations: For Cryptoprof WCMS version 0.3.2, consider restricting access to the...

9.8 CVSS · 9.7 AI score · 0.04697 EPSS
Exploits: 1 · References: 3
Cvelist
added 2023/06/27 12:0 a.m. · 14 views

CVE-2020-19902

Directory Traversal vulnerability found in Cryptoprof WCMS v.0.3.2 allows a remote attacker to execute arbitrary code via the wex/cssjs.php parameter...

9.7 AI score · 0.04697 EPSS
Exploits: 1 · References: 1
NVD
added 2021/04/07 4:15 p.m. · 8 views

CVE-2020-24139

Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify open ports, local network hosts and execute commands on local services...

8.3 CVSS · 0.00304 EPSS
Exploits: 1 · References: 2
Prion
added 2021/04/07 4:15 p.m. · 15 views

Server-side request forgery (SSRF)

Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify open ports, local network hosts and execute commands on local services...

7.5 CVSS · 8.2 AI score · 0.00304 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
CVE
added 2021/04/07 3:1 p.m. · 212 views

CVE-2020-24135

CVE-2020-24135 is a reflected XSS vulnerability in WCMS version 0.3.2. The issue arises in the wex/cssjs.php handler where the attacker can supply a crafted value for the type parameter to inject arbitrary web script/HTML. This vulnerability is documented across multiple sources (e.g., Red Hat, C...

6.1 CVSS · 5.9 AI score · 0.00283 EPSS
Exploits: 1 · References: 2 · Affected Software: 1