4 matches found
CVE-2020-35314
A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer...
CVE-2020-35314
A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer...
CVE-2020-35314
WonderCMS 3.1.3 is affected by a remote code execution via installUpdateThemePluginAction in index.php, enabling an attacker to upload a crafted plugin through the theme/plugin installer and execute arbitrary code. Some sources indicate this requires an authenticated session (authenticated RCE) a...
WonderCMS 3.1.3 - Authenticated Remote Code Execution
Exploit Title: WonderCMS 3.1.3 - Authenticated Remote Code Execution Date: 2020-11-27 Exploit Author: zetc0de Vendor Homepage: https://www.wondercms.com/ Software Link: https://github.com/robiso/wondercms/releases/download/3.1.3/WonderCMS-3.1.3.zip Version: 3.1.3 Tested on: Ubuntu 16.04 CVE :...