Wbce Cms@1.5.4 Security Vulnerabilities and Issues — Wbce Cms@1.5.4 CVE List

Lucene search

WbceWbce Cms1.5.4

6 matches found

CVE•added 2022/11/25 4:15 p.m.•53 views

CVE-2022-45038

A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field.

5.4CVSS5.2AI score0.1315EPSS

CVE•added 2022/12/20 4:15 p.m.•52 views

CVE-2022-46020

WBCE CMS v1.5.4 can implement getshell by modifying the upload file type.

9.8CVSS9.5AI score0.84584EPSS

CVE•added 2022/11/25 4:15 p.m.•48 views

CVE-2022-45037

A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field.

5.4CVSS5.2AI score0.1315EPSS

CVE•added 2022/11/25 4:15 p.m.•43 views

CVE-2022-45040

A cross-site scripting (XSS) vulnerability in /admin/pages/sections_save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field.

5.4CVSS5.2AI score0.00084EPSS

CVE•added 2022/11/25 4:15 p.m.•42 views

CVE-2022-45036

A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field.

5.4CVSS5.2AI score0.00084EPSS

CVE•added 2022/11/25 4:15 p.m.•42 views

CVE-2022-45039

An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file.

7.2CVSS7.2AI score0.00088EPSS