Lucene search
+L

4 matches found

OSV
OSV
added 2021/04/20 8:15 p.m.16 views

CVE-2020-35314

A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer...

9.8CVSS8.2AI score
Exploits0References4
Cvelist
Cvelist
added 2021/04/20 7:25 p.m.30 views

CVE-2020-35314

A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer...

9.9AI score0.26912EPSS
Exploits2References4
CVE
CVE
added 2021/04/20 7:25 p.m.85 views

CVE-2020-35314

WonderCMS 3.1.3 is affected by a remote code execution via installUpdateThemePluginAction in index.php, enabling an attacker to upload a crafted plugin through the theme/plugin installer and execute arbitrary code. Some sources indicate this requires an authenticated session (authenticated RCE) a...

9.8CVSS9.8AI score0.26912EPSS
Exploits2References4Affected Software1
Exploit DB
Exploit DB
added 2020/12/02 12:0 a.m.455 views

WonderCMS 3.1.3 - Authenticated Remote Code Execution

Exploit Title: WonderCMS 3.1.3 - Authenticated Remote Code Execution Date: 2020-11-27 Exploit Author: zetc0de Vendor Homepage: https://www.wondercms.com/ Software Link: https://github.com/robiso/wondercms/releases/download/3.1.3/WonderCMS-3.1.3.zip Version: 3.1.3 Tested on: Ubuntu 16.04 CVE :...

9.8CVSS9.7AI score0.26912EPSS
Exploits2
Rows per page
Query Builder