34 matches found
CVE-2018-14877
An issue was discovered in WeaselCMS v0.3.5. XSS exists via Site Language, Site Title, Site Description, and Site Keywords on the SETTINGS page...
CVE-2018-14958
An issue was discovered in WeaselCMS v0.3.5. CSRF can update the website settings such as the theme, title, and description via index.php...
EUVD-2018-6840
Malware in sbrugna...
EUVD-2018-8198
Malware in sbrugna...
EUVD-2018-9116
Malware in sbrugna...
EUVD-2018-6759
Malware in sbrugna...
EUVD-2018-6841
Malware in sbrugna...
CVE-2018-14959
An issue was discovered in WeaselCMS v0.3.5. CSRF can create new pages via an index.php?b=pages&a=new URI...
WeaselCMS Cross-Site Scripting Vulnerability (CNVD-2018-20069)
WeaselCMS is a lightweight content management system (CMS) written in PHP. A cross-site scripting vulnerability exists in WeaselCMS version 0.3.6, which stems from the program's failure to properly handle $_SERVER['PHP_SELF'], and can be exploited by remote attackers to inject arbitrary web script or...
CVE-2018-17361
Multiple XSS vulnerabilities in WeaselCMS v0.3.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php because $_SERVER['PHP_SELF'] is mishandled...
Cross site scripting
Multiple XSS vulnerabilities in WeaselCMS v0.3.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php because $_SERVER['PHP_SELF'] is mishandled...
CVE-2018-17361
Multiple XSS vulnerabilities in WeaselCMS v0.3.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php because $_SERVER['PHP_SELF'] is mishandled...
CVE-2018-17361
Multiple XSS vulnerabilities in WeaselCMS v0.3.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php because $_SERVER['PHP_SELF'] is mishandled...
CVE-2018-17361
CVE-2018-17361 affects WeaselCMS v0.3.6 (PHP). Multiple XSS vulnerabilities allow remote attackers to inject arbitrary web script or HTML via PATH_INFO to index.php; root cause is mishandling of $_SERVER['PHP_SELF']. Public exploit details are not provided in the connected documents; no remediati...
CVE-2018-16352
There is a PHP code upload vulnerability in WeaselCMS 0.3.6 via index.php because code can be embedded at the end of a .png file when the image/png content type is used...
CVE-2018-16352
There is a PHP code upload vulnerability in WeaselCMS 0.3.6 via index.php because code can be embedded at the end of a .png file when the image/png content type is used...
Design/Logic Flaw
There is a PHP code upload vulnerability in WeaselCMS 0.3.6 via index.php because code can be embedded at the end of a .png file when the image/png content type is used...
CVE-2018-16352
CVE-2018-16352 affects WeaselCMS 0.3.6. A vulnerability in index.php allows PHP code to be embedded at the end of a .png file when served as image/png, enabling a PHP code upload vulnerability. The CVE is documented across multiple sources (NVD, OSV, CVE lists). The connected documents provide th...
CVE-2018-16352
There is a PHP code upload vulnerability in WeaselCMS 0.3.6 via index.php because code can be embedded at the end of a .png file when the image/png content type is used...
WeaselCMS Cross-Site Request Forgery Vulnerability
WeaselCMS is a lightweight content management system (CMS) written in PHP. A cross-site request forgery vulnerability exists in WeaselCMS version 0.3.5. A remote attacker can exploit this vulnerability to create a new page via an index.php?b=pages&a=new URI...