23 matches found
CVE-2026-38669
wCMS v.1.4 is vulnerable to Cross Site Scripting XSS when creating a new blog...
CVE-2020-24137
Directory traversal vulnerability in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the path parameter to wex/cssjs.php...
EUVD-2020-16871
Malware in sbrugna...
EUVD-2020-16875
Malware in sbrugna...
EUVD-2023-35984
Malicious code in bioql PyPI...
CVE-2025-5149
A vulnerability was found in WCMS up to 8.3.11. It has been declared as critical. Affected by this vulnerability is the function getMemberByUid of the file /index.php?articleadmin/getallcon of the component Login. The manipulation of the argument uid leads to improper authentication. The attack c...
CVE-2025-5149
A vulnerability was found in WCMS up to 8.3.11. It has been declared as critical. Affected by this vulnerability is the function getMemberByUid of the file /index.php?articleadmin/getallcon of the component Login. The manipulation of the argument uid leads to improper authentication. The attack c...
CVE-2025-5149 WCMS Login getallcon getMemberByUid improper authentication
A vulnerability was found in WCMS up to 8.3.11. It has been declared as critical. Affected by this vulnerability is the function getMemberByUid of the file /index.php?articleadmin/getallcon of the component Login. The manipulation of the argument uid leads to improper authentication. The attack c...
CVE-2025-5149 WCMS Login getallcon getMemberByUid improper authentication
A vulnerability was found in WCMS up to 8.3.11. It has been declared as critical. Affected by this vulnerability is the function getMemberByUid of the file /index.php?articleadmin/getallcon of the component Login. The manipulation of the argument uid leads to improper authentication. The attack c...
CVE-2020-24139
Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify open ports, local network hosts and execute command on local services...
CVE-2025-3799
A vulnerability, which was classified as critical, was found in WCMS 11. Affected is an unknown function of the file app/controllers/AnonymousController.php. The manipulation of the argument email/username leads to sql injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-3800 WCMS AnonymousController.php sql injection
A vulnerability has been found in WCMS 11 and classified as critical. Affected by this vulnerability is an unknown functionality of the file app/controllers/AnonymousController.php. The manipulation of the argument mobilephone leads to sql injection. The attack can be launched remotely. The explo...
CVE-2025-3800
CVE-2025-3800 affects WCMS 11, with a SQL injection vulnerability in an unknown functionality of file app/controllers/AnonymousController.php, triggered by manipulating the mobile_phone argument. Attack is remote; exploit has been disclosed publicly. Connected documents corroborate the issue and ...
CVE-2025-2978 WCMS Article Publishing Page CKEditor unrestricted upload
A vulnerability was found in WCMS 11. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?articleadmin/upload/?&CKEditor=container&CKEditorFuncNum=1 of the component Article Publishing Page. The manipulation of the argument Upload leads to...
CVE-2025-2978
CVE-2025-2978 affects WCMS 11; the Article Publishing Page contains a vulnerability in the Upload parameter that allows unrestricted uploads via /index.php?articleadmin/upload/?&CKEditor=container&CKEditorFuncNum=1. Exploitation is remote and the exploit has been disclosed publicly; vendor did no...
PT-2023-23418 · Wcms · Wcms
Name of the Vulnerable Software and Affected Versions: Wcms version 0.3.2 Description: The issue allows an attacker to send a crafted request from a vulnerable web application backend server via the "finish" parameter and the textAreaCode parameter in the "/wcms/wex/html.php" endpoint. This enabl...
CVE-2023-31689
In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary strings into custom file names and upload any files, and write malicious code to execute script...
Wcms Server-Side Request Forgery Vulnerability
WCMS is a content management system CMS. A server-side request forgery vulnerability exists in Wcms version 0.3.2, where an attacker sends a crafted request/html.php file to wex from the back-end server of a vulnerable web application via the pagename parameter. It can help to identify open ports...
WCMS Server-Side Request Forgery Vulnerability
WCMS is a content management system CMS that uses an open web interface to build websites. A server-side request forgery vulnerability exists in WCMS version 0.3.2. An attacker can send a specially crafted request from the web application's back-end server via the path parameter of wex/cssjs.php,...
WCMS Cross-Site Scripting Vulnerability
WCMS is a content management system CMS that uses an open web interface to build websites. A cross-site scripting vulnerability exists in WCMS version 0.3.2. The vulnerability can be exploited to inject arbitrary web script and HTML via the pagename parameter of wex/html.php...