191 matches found
PT-2025-17375 · Wcms · Wcms
Name of the Vulnerable Software and Affected Versions: WCMS version 11 Description: A critical vulnerability was found in WCMS 11, affecting an unknown function of the file app/controllers/AnonymousController.php. The manipulation of the email/username argument leads to SQL injection. It is...
CVE-2025-2979
A vulnerability classified as problematic has been found in WCMS 11. This affects an unknown part of the file /index.php?anonymous/setregister of the component Registration. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely. Th...
CVE-2025-2978
A vulnerability was found in WCMS 11. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?articleadmin/upload/?=container=1 of the component Article Publishing Page. The manipulation of the argument Upload leads to unrestricted upload. The...
CVE-2025-2978
A vulnerability was found in WCMS 11. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?articleadmin/upload/?&CKEditor=container&CKEditorFuncNum=1 of the component Article Publishing Page. The manipulation of the argument Upload leads to...
CVE-2025-2979
A vulnerability classified as problematic has been found in WCMS 11. This affects an unknown part of the file /index.php?anonymous/setregister of the component Registration. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely. Th...
CVE-2025-2979
A vulnerability classified as problematic has been found in WCMS 11. This affects an unknown part of the file /index.php?anonymous/setregister of the component Registration. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely. Th...
CVE-2025-2979 WCMS Registration setregister cross site scripting
A vulnerability classified as problematic has been found in WCMS 11. This affects an unknown part of the file /index.php?anonymous/setregister of the component Registration. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely. Th...
CVE-2025-2979
WCMS 11 contains a cross-site scripting vulnerability in the Registration component, specifically via manipulating the Username parameter in /index.php?anonymous/setregister. The issue allows remote attackers to induce XSS, with exploitation disclosed publicly and no vendor response noted in the ...
CVE-2025-2979 WCMS Registration setregister cross site scripting
A vulnerability classified as problematic has been found in WCMS 11. This affects an unknown part of the file /index.php?anonymous/setregister of the component Registration. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the attack remotely. Th...
CVE-2025-2978 WCMS Article Publishing Page CKEditor unrestricted upload
A vulnerability was found in WCMS 11. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?articleadmin/upload/?&CKEditor=container&CKEditorFuncNum=1 of the component Article Publishing Page. The manipulation of the argument Upload leads to...
CVE-2025-2978 WCMS Article Publishing Page CKEditor unrestricted upload
A vulnerability was found in WCMS 11. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?articleadmin/upload/?&CKEditor=container&CKEditorFuncNum=1 of the component Article Publishing Page. The manipulation of the argument Upload leads to...
CVE-2025-2978
CVE-2025-2978 affects WCMS 11; the Article Publishing Page contains a vulnerability in the Upload parameter that allows unrestricted uploads via /index.php?articleadmin/upload/?&CKEditor=container&CKEditorFuncNum=1. Exploitation is remote and the exploit has been disclosed publicly; vendor did no...
CVE-2024-8875
A vulnerability classified as critical was found in vedees wcms up to 0.3.2. Affected by this vulnerability is an unknown functionality of the file /wex/finder.php. The manipulation of the argument p leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to t...
CVE-2024-8875 vedees wcms finder.php path traversal
A vulnerability classified as critical was found in vedees wcms up to 0.3.2. Affected by this vulnerability is an unknown functionality of the file /wex/finder.php. The manipulation of the argument p leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to t...
CVE-2024-8875 vedees wcms finder.php path traversal
A vulnerability classified as critical was found in vedees wcms up to 0.3.2. Affected by this vulnerability is an unknown functionality of the file /wex/finder.php. The manipulation of the argument p leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to t...
CVE-2024-8875
CVE-2024-8875 affects vedees wcms up to version 0.3.2. The vulnerability resides in the /wex/finder.php file, where manipulating the p argument causes path traversal. It is a remoteable issue with public exploitation information; vendors reportedly did not respond. Connected documents corroborate...
CVE-2024-8875 vedees wcms finder.php path traversal
A vulnerability classified as critical was found in vedees wcms up to 0.3.2. Affected by this vulnerability is an unknown functionality of the file /wex/finder.php. The manipulation of the argument p leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to t...
PT-2024-39293 · Unknown · Vedees Wcms
Name of the Vulnerable Software and Affected Versions: vedees wcms versions up to 0.3.2 Description: A critical vulnerability was found in vedees wcms, affecting an unknown functionality of the file /wex/finder.php. The manipulation of the p argument leads to path traversal. The attack can be...
CVE-2020-19902
Directory Traversal vulnerability found in Cryptoprof WCMS v.0.3.2 allows a remote attacker to execute arbitrary code via the wex/cssjs.php parameter...
CVE-2020-19902
Directory Traversal vulnerability found in Cryptoprof WCMS v.0.3.2 allows a remote attacker to execute arbitrary code via the wex/cssjs.php parameter...