3 matches found
CVE-2019-14240
WCMS v0.3.2 has a CSRF vulnerability, with resultant directory traversal, to modify index.html via the /wex/html.php?finish=../index.html URI...
CVE-2019-14240
WCMS v0.3.2 has a CSRF vulnerability, with resultant directory traversal, to modify index.html via the /wex/html.php?finish=../index.html URI...
CVE-2019-14240
Summary: WCMS v0.3.2 contains a CSRF vulnerability that enables directory traversal to modify the homepage (index.html) via the URI /wex/html.php?finish=../index.html. The issue resides in the web editor component (wex/html.php) and does not require authentication, enabling potential unauthorized...