Wbce Cms@* Security Vulnerabilities and Issues — Wbce Cms@* CVE List

Lucene search

WbceWbce Cms*

12 matches found

CVE•added 2019/10/14 3:15 p.m.•63 views

CVE-2019-17575

A file-rename filter bypass exists in admin/media/rename.php in WBCE CMS 1.4.0 and earlier. This can be exploited by an authenticated user with admin privileges to rename a media filename and extension. (For example: place PHP code in a .jpg file, and then change the file's base name to filename.ph...

7.2CVSS7.2AI score0.00266EPSS

CVE•added 2021/12/09 11:15 a.m.•58 views

CVE-2021-3817

wbce_cms is vulnerable to Improper Neutralization of Special Elements used in an SQL Command

9.8CVSS9.7AI score0.36764EPSS

CVE•added 2022/11/21 3:15 p.m.•50 views

CVE-2022-45012

A cross-site scripting (XSS) vulnerability in the Modify Page module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Source field.

4.8CVSS4.9AI score0.00096EPSS

CVE•added 2022/11/21 3:15 p.m.•49 views

CVE-2022-45017

A cross-site scripting (XSS) vulnerability in the Overview Page settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Loop field.

4.8CVSS4.9AI score0.00096EPSS

CVE•added 2022/11/21 3:15 p.m.•48 views

CVE-2022-45016

A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Footer field.

4.8CVSS4.9AI score0.00096EPSS

CVE•added 2023/10/21 7:15 a.m.•45 views

CVE-2023-46054

Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the website_footer parameter in the admin/settings/save.php component.

5.4CVSS5.3AI score0.00109EPSS

CVE•added 2022/11/21 3:15 p.m.•44 views

CVE-2022-45015

4.8CVSS4.9AI score0.00096EPSS

CVE•added 2017/04/28 4:59 p.m.•42 views

CVE-2017-2119

Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors.

8.6CVSS8.3AI score0.07421EPSS

CVE•added 2022/11/21 3:15 p.m.•42 views

CVE-2022-45014

4.8CVSS4.9AI score0.00096EPSS

CVE•added 2022/11/21 3:15 p.m.•39 views

CVE-2022-45013

A cross-site scripting (XSS) vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Section Header field.

4.8CVSS4.9AI score0.00096EPSS

CVE•added 2017/04/28 4:59 p.m.•38 views

CVE-2017-2118

Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.1CVSS5.5AI score0.00324EPSS

CVE•added 2017/04/28 4:59 p.m.•35 views

CVE-2017-2120

SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.

7.2CVSS7.5AI score0.01173EPSS