10 matches found
CVE-2014-8702
Wonder CMS 2014 allows remote attackers to obtain sensitive information by logging into the application with an array for the password, which reveals the installation path in an error message...
CVE-2014-8701
Wonder CMS 2014 allows remote attackers to obtain sensitive information by viewing /files/password, which reveals the unsalted MD5 hashed password...
Directory traversal
Directory traversal vulnerability in index.php in Wonder CMS 2014 allows remote attackers to include and execute arbitrary local files via a crafted theme...
Design/Logic Flaw
Wonder CMS 2014 allows remote attackers to obtain sensitive information by logging into the application with an array for the password, which reveals the installation path in an error message...
Cross site scripting
Cross-site scripting XSS vulnerability in Wonder CMS 2014 allows remote attackers to inject arbitrary web script or HTML...
CVE-2014-8705
The CVE-2014-8705 issue concerns Wonder CMS 2014, where editInplace.php is vulnerable to a PHP Remote File Inclusion. An attacker can trigger arbitrary PHP code execution by supplying a crafted URL in the hook parameter. Connected sources (CNVD-2017-03526) confirm the vulnerability exists in Wond...
CVE-2014-8703
Wonder CMS 2014 is affected by a Cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML. The provided documents consistently reference Wonder CMS 2014 in relation to CVE-2014-8703, but do not supply concrete details on vulnerable versions, the...
CVE-2014-8701
Wonder CMS 2014 allows remote attackers to obtain sensitive information by viewing /files/password, which reveals the unsalted MD5 hashed password...
CVE-2014-8702
Wonder CMS 2014 allows remote attackers to obtain sensitive information by logging into the application with an array for the password, which reveals the installation path in an error message...
CVE-2014-8704
Directory traversal vulnerability in index.php in Wonder CMS 2014 allows remote attackers to include and execute arbitrary local files via a crafted theme...