191 matches found
CVE-2020-24137
Directory traversal vulnerability in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the path parameter to wex/cssjs.php...
CVE-2020-24140
Server-side request forgery in Wcms 0.3.2 let an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. It can help identify open ports, local network hosts and execute command on local services...
CVE-2020-24139
Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify open ports, local network hosts and execute command on local services...
CVE-2020-24135
A Reflected Cross Site Scripting XSS Vulnerability was discovered in Wcms 0.3.2, which allows remote attackers to inject arbitrary web script and HTML via the type parameter to wex/cssjs.php...
CVE-2020-24135
A Reflected Cross Site Scripting XSS Vulnerability was discovered in Wcms 0.3.2, which allows remote attackers to inject arbitrary web script and HTML via the type parameter to wex/cssjs.php...
Directory traversal
Directory traversal vulnerability in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the path parameter to wex/cssjs.php...
Cross site scripting
A Reflected Cross Site Scripting XSS Vulnerability was discovered in Wcms 0.3.2, which allows remote attackers to inject arbitrary web script and HTML via the type parameter to wex/cssjs.php...
Server side request forgery (ssrf)
Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify open ports, local network hosts and execute command on local services...
Server side request forgery (ssrf)
Server-side request forgery in Wcms 0.3.2 let an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. It can help identify open ports, local network hosts and execute command on local services...
CVE-2020-24138
Cross Site Scripting XSS vulnerability in wcms 0.3.2 allows remote attackers to inject arbitrary web script and HTML via the pagename parameter to wex/html.php...
CVE-2020-24136
Directory traversal in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the pagename parameter to wex/html.php...
CVE-2020-24138
Cross Site Scripting XSS vulnerability in wcms 0.3.2 allows remote attackers to inject arbitrary web script and HTML via the pagename parameter to wex/html.php...
CVE-2020-24136
Directory traversal in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the pagename parameter to wex/html.php...
Cross site scripting
Cross Site Scripting XSS vulnerability in wcms 0.3.2 allows remote attackers to inject arbitrary web script and HTML via the pagename parameter to wex/html.php...
Directory traversal
Directory traversal in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the pagename parameter to wex/html.php...
CVE-2020-24137
Directory traversal vulnerability in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the path parameter to wex/cssjs.php...
CVE-2020-24137
CVE-2020-24137 affects WCMS 0.3.2. The vulnerability is a directory traversal in the wex/cssjs.php script, exploitable via the path parameter to read arbitrary files on the server. The connected Red Hat, CNVD, NVD, OSV, and CVE records corroborate the same issue. Exploit specifics and fixes are n...
CVE-2020-24140
Server-side request forgery in Wcms 0.3.2 let an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. It can help identify open ports, local network hosts and execute command on local services...
CVE-2020-24140
CVE-2020-24140 describes an SSRF in WCMS version 0.3.2. An attacker can craft requests via the pagename parameter to wex/html.php from the vulnerable web application’s back-end server, enabling discovery of open ports and local network hosts and the execution of commands on local services. The co...
CVE-2020-24139
Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify open ports, local network hosts and execute command on local services...