340 matches found
PT-2023-29813 · Wbce Cms · Wbce Cms
Name of the Vulnerable Software and Affected Versions: WBCE CMS versions 1.6.1 and earlier Description: A Cross Site Scripting XSS issue allows a remote attacker to escalate privileges via a crafted script to the website footer parameter in the "admin/settings/save.php" component. Recommendations...
WBCE CMS 跨站脚本漏洞
WBCE CMS is an open source content management system CMS based on PHP and MySQL. WBCE CMS suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to execute arbitrary...
CVE-2023-46054
CVE-2023-46054 – WBCE CMS : A cross-site scripting (XSS) vulnerability affects WBCE CMS versions 1.6.1 and earlier. The issue arises from lack of proper filtering/escaping in the website_footer parameter used by the admin/settings/save.php component, allowing a remote attacker to escalate privile...
CVE-2023-46054
Cross Site Scripting XSS vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the websitefooter parameter in the admin/settings/save.php component...
CVE-2023-46054
Cross Site Scripting XSS vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the websitefooter parameter in the admin/settings/save.php component...
CVE-2023-43871
A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting XSS...
CVE-2023-43871
A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting XSS...
Unrestricted file upload
A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting XSS...
PT-2023-29016 · Wbce · Wbce
Name of the Vulnerable Software and Affected Versions: WBCE version 1.6.1 Description: A File upload vulnerability allows a local attacker to upload a pdf file with hidden Cross Site Scripting XSS. Recommendations: For WBCE version 1.6.1, consider restricting file uploads to prevent exploitation...
CVE-2023-43871
A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting XSS...
CVE-2023-43871
A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting XSS...
CVE-2023-43871
WBCE CMS v1.6.1 is affected by a file upload vulnerability that allows a local attacker to upload a PDF containing hidden XSS. Root cause/technical details are limited to an uploaded file not being properly sanitized, enabling XSS execution in certain contexts. No patch/version remediation is spe...
WBCE CMS Cross-Site Scripting Vulnerability
WBCE CMS is an open source content management system CMS based on PHP and MySQL. A cross-site scripting vulnerability exists in WBCE CMS version v.1.6.1, which stems from not validating uploaded files...
WBCE CMS Arbitrary File Upload Vulnerability (CNVD-2023-71724)
WBCE CMS is an open source content management system CMS based on PHP and MySQL. An arbitrary file upload vulnerability exists in WBCE CMS version 1.6.1, which stems from the lack of validation of uploaded files in the /languages/install.php component. The vulnerability can be exploited to remote...
CVE-2023-38947
An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2023-38947
An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2023-38947
An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file...
Privilege escalation
An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file...
PT-2023-26701 · Wbce Cms · Wbce Cms
Name of the Vulnerable Software and Affected Versions: WBCE CMS version 1.6.1 Description: An arbitrary file upload issue in the /languages/install.php component allows attackers to execute arbitrary code via a crafted PHP file. The "languages/install.php" component is specifically vulnerable,...
CVE-2023-38947
CVE-2023-38947 describes an arbitrary file upload vulnerability in WBCE CMS v1.6.1, stemming from lack of validation in the /languages/install.php component. The issue allows an attacker to upload a crafted PHP file and achieve arbitrary code execution. Documents consistently identify the affecte...