Lucene search
K

191 matches found

Prion
Prion
added 2023/06/27 8:15 p.m.21 views

Directory traversal

Directory Traversal vulnerability found in Cryptoprof WCMS v.0.3.2 allows a remote attacker to execute arbitrary code via the wex/cssjs.php parameter...

7.5CVSS9.6AI score0.01935EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/06/27 12:0 a.m.6 views

PT-2023-11540 · Unknown · Cryptoprof Wcms

Name of the Vulnerable Software and Affected Versions: Cryptoprof WCMS version 0.3.2 Description: A Directory Traversal issue allows a remote attacker to execute arbitrary code via the wex/cssjs.php parameter. Recommendations: For Cryptoprof WCMS version 0.3.2, consider restricting access to the...

9.8CVSS9.7AI score0.01935EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/06/27 12:0 a.m.25 views

CVE-2020-19902

Directory Traversal vulnerability found in Cryptoprof WCMS v.0.3.2 allows a remote attacker to execute arbitrary code via the wex/cssjs.php parameter...

8.1AI score0.01935EPSS
Exploits1References1
CVE
CVE
added 2023/06/27 12:0 a.m.44 views

CVE-2020-19902

CVE-2020-19902 concerns a directory traversal vulnerability in Cryptoprof WCMS v0.3.2. The issue allows a remote attacker to execute arbitrary code via the wex/cssjs.php parameter, implying code execution could occur through crafted input that traverses the app’s file system. The core affected co...

9.8CVSS9.6AI score0.01935EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2023/05/22 8:15 p.m.24 views

CVE-2023-31689

In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary strings into custom file names and upload any files, and write malicious code to execute script...

9.8CVSS9.7AI score0.2022EPSS
Exploits1References1
Prion
Prion
added 2023/05/22 8:15 p.m.15 views

Command injection

In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary strings into custom file names and upload any files, and write malicious code to execute script...

7.5CVSS9.6AI score0.2022EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/05/22 12:0 a.m.28 views

CVE-2023-31689

In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary strings into custom file names and upload any files, and write malicious code to execute script...

9.9AI score0.2022EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/05/22 12:0 a.m.5 views

PT-2023-23418 · Wcms · Wcms

Name of the Vulnerable Software and Affected Versions: Wcms version 0.3.2 Description: The issue allows an attacker to send a crafted request from a vulnerable web application backend server via the "finish" parameter and the textAreaCode parameter in the "/wcms/wex/html.php" endpoint. This enabl...

9.8CVSS9.5AI score0.2022EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2023/05/22 12:0 a.m.10 views

CVE-2023-31689

In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary strings into custom file names and upload any files, and write malicious code to execute script...

9.7AI score0.2022EPSS
Exploits1References1
OSV
OSV
added 2023/05/22 12:0 a.m.16 views

CVE-2023-31689

In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary strings into custom file names and upload any files, and write malicious code to execute script...

9.8CVSS7.8AI score0.2022EPSS
Exploits1References3
CVE
CVE
added 2023/05/22 12:0 a.m.60 views

CVE-2023-31689

CVE-2023-31689 affects WCMS 0.3.2. Affected endpoint: /wcms/wex/html.php where an attacker, using the finish and textAreaCode parameters, can write arbitrary strings to custom file names, upload arbitrary files, and inject/execute malicious code leading to command execution. This is described con...

9.8CVSS9.7AI score0.2022EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2021/04/09 12:0 a.m.8 views

Wcms Server-Side Request Forgery Vulnerability

WCMS is a content management system CMS. A server-side request forgery vulnerability exists in Wcms version 0.3.2, where an attacker sends a crafted request/html.php file to wex from the back-end server of a vulnerable web application via the pagename parameter. It can help to identify open ports...

8.3CVSS7AI score0.01155EPSS
Exploits1References1
CNVD
CNVD
added 2021/04/08 12:0 a.m.5 views

WCMS Server-Side Request Forgery Vulnerability

WCMS is a content management system CMS that uses an open web interface to build websites. A server-side request forgery vulnerability exists in WCMS version 0.3.2. An attacker can send a specially crafted request from the web application's back-end server via the path parameter of wex/cssjs.php,...

8.3CVSS7AI score0.01051EPSS
Exploits1References1
CNVD
CNVD
added 2021/04/08 12:0 a.m.6 views

WCMS Cross-Site Scripting Vulnerability

WCMS is a content management system CMS that uses an open web interface to build websites. A cross-site scripting vulnerability exists in WCMS version 0.3.2. The vulnerability can be exploited to inject arbitrary web script and HTML via the pagename parameter of wex/html.php...

6.1CVSS5.9AI score0.00908EPSS
Exploits1References1
CNVD
CNVD
added 2021/04/08 12:0 a.m.4 views

WCMS Directory Traversal Vulnerability (CNVD-2021-28257)

WCMS is a content management system CMS that uses an open web interface to build websites. A directory traversal vulnerability exists in WCMS version 0.3.2. The vulnerability can be exploited to read arbitrary files on the server running the application via the pagename parameter of wex/html.php...

8.6CVSS6.7AI score0.02223EPSS
Exploits1References1
CNVD
CNVD
added 2021/04/08 12:0 a.m.7 views

WCMS Directory Traversal Vulnerability

WCMS is a content management system CMS that uses an open web interface to build websites. A directory traversal vulnerability exists in WCMS version 0.3.2. The vulnerability can be exploited to read arbitrary files on the server running the application via the path parameter of wex/cssjs.php...

5.3CVSS6.7AI score0.01412EPSS
Exploits0References1
CNVD
CNVD
added 2021/04/08 12:0 a.m.10 views

WCMS Cross-Site Scripting Vulnerability (CNVD-2021-28256)

WCMS is a content management system CMS that uses an open web interface to build websites. A reflective cross-site scripting vulnerability exists in WCMS version 0.3.2. The vulnerability can be exploited to inject arbitrary web script and HTML via the type parameter of wex/cssjs.php...

6.1CVSS5.9AI score0.00903EPSS
Exploits1References1
OSV
OSV
added 2021/04/07 4:15 p.m.18 views

CVE-2020-24139

Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify open ports, local network hosts and execute command on local services...

8.3CVSS7AI score0.01051EPSS
Exploits1References2
OSV
OSV
added 2021/04/07 4:15 p.m.22 views

CVE-2020-24140

Server-side request forgery in Wcms 0.3.2 let an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. It can help identify open ports, local network hosts and execute command on local services...

8.3CVSS7AI score0.01155EPSS
Exploits1References2
OSV
OSV
added 2021/04/07 4:15 p.m.29 views

CVE-2020-24137

Directory traversal vulnerability in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the path parameter to wex/cssjs.php...

5.3CVSS6.8AI score0.01412EPSS
Exploits0References2
Rows per page
Query Builder