191 matches found
Directory traversal
Directory Traversal vulnerability found in Cryptoprof WCMS v.0.3.2 allows a remote attacker to execute arbitrary code via the wex/cssjs.php parameter...
PT-2023-11540 · Unknown · Cryptoprof Wcms
Name of the Vulnerable Software and Affected Versions: Cryptoprof WCMS version 0.3.2 Description: A Directory Traversal issue allows a remote attacker to execute arbitrary code via the wex/cssjs.php parameter. Recommendations: For Cryptoprof WCMS version 0.3.2, consider restricting access to the...
CVE-2020-19902
Directory Traversal vulnerability found in Cryptoprof WCMS v.0.3.2 allows a remote attacker to execute arbitrary code via the wex/cssjs.php parameter...
CVE-2020-19902
CVE-2020-19902 concerns a directory traversal vulnerability in Cryptoprof WCMS v0.3.2. The issue allows a remote attacker to execute arbitrary code via the wex/cssjs.php parameter, implying code execution could occur through crafted input that traverses the app’s file system. The core affected co...
CVE-2023-31689
In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary strings into custom file names and upload any files, and write malicious code to execute script...
Command injection
In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary strings into custom file names and upload any files, and write malicious code to execute script...
CVE-2023-31689
In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary strings into custom file names and upload any files, and write malicious code to execute script...
PT-2023-23418 · Wcms · Wcms
Name of the Vulnerable Software and Affected Versions: Wcms version 0.3.2 Description: The issue allows an attacker to send a crafted request from a vulnerable web application backend server via the "finish" parameter and the textAreaCode parameter in the "/wcms/wex/html.php" endpoint. This enabl...
CVE-2023-31689
In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary strings into custom file names and upload any files, and write malicious code to execute script...
CVE-2023-31689
In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary strings into custom file names and upload any files, and write malicious code to execute script...
CVE-2023-31689
CVE-2023-31689 affects WCMS 0.3.2. Affected endpoint: /wcms/wex/html.php where an attacker, using the finish and textAreaCode parameters, can write arbitrary strings to custom file names, upload arbitrary files, and inject/execute malicious code leading to command execution. This is described con...
Wcms Server-Side Request Forgery Vulnerability
WCMS is a content management system CMS. A server-side request forgery vulnerability exists in Wcms version 0.3.2, where an attacker sends a crafted request/html.php file to wex from the back-end server of a vulnerable web application via the pagename parameter. It can help to identify open ports...
WCMS Server-Side Request Forgery Vulnerability
WCMS is a content management system CMS that uses an open web interface to build websites. A server-side request forgery vulnerability exists in WCMS version 0.3.2. An attacker can send a specially crafted request from the web application's back-end server via the path parameter of wex/cssjs.php,...
WCMS Cross-Site Scripting Vulnerability
WCMS is a content management system CMS that uses an open web interface to build websites. A cross-site scripting vulnerability exists in WCMS version 0.3.2. The vulnerability can be exploited to inject arbitrary web script and HTML via the pagename parameter of wex/html.php...
WCMS Directory Traversal Vulnerability (CNVD-2021-28257)
WCMS is a content management system CMS that uses an open web interface to build websites. A directory traversal vulnerability exists in WCMS version 0.3.2. The vulnerability can be exploited to read arbitrary files on the server running the application via the pagename parameter of wex/html.php...
WCMS Directory Traversal Vulnerability
WCMS is a content management system CMS that uses an open web interface to build websites. A directory traversal vulnerability exists in WCMS version 0.3.2. The vulnerability can be exploited to read arbitrary files on the server running the application via the path parameter of wex/cssjs.php...
WCMS Cross-Site Scripting Vulnerability (CNVD-2021-28256)
WCMS is a content management system CMS that uses an open web interface to build websites. A reflective cross-site scripting vulnerability exists in WCMS version 0.3.2. The vulnerability can be exploited to inject arbitrary web script and HTML via the type parameter of wex/cssjs.php...
CVE-2020-24139
Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify open ports, local network hosts and execute command on local services...
CVE-2020-24140
Server-side request forgery in Wcms 0.3.2 let an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. It can help identify open ports, local network hosts and execute command on local services...
CVE-2020-24137
Directory traversal vulnerability in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the path parameter to wex/cssjs.php...