Lucene search

Wcms Wcms 0.3.2

11 matches found

CVE
Added 2021/04/07 4:15 p.m. | 206 views

CVE-2020-24135

A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Wcms 0.3.2, which allows remote attackers to inject arbitrary web script and HTML via the type parameter to wex/cssjs.php.

CVSS 6.1 | AI score 5.9 | EPSS 0.00283
Web
CVE
Added 2023/05/22 8:15 p.m. | 48 views

CVE-2023-31689

In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary strings into custom file names and upload any files, and write malicious code to execute scripts ...

CVSS 9.8 | AI score 9.7 | EPSS 0.05053
Web
CVE
Added 2024/09/15 10:15 p.m. | 40 views

CVE-2024-8875

A vulnerability classified as critical was found in vedees wcms up to 0.3.2. Affected by this vulnerability is an unknown functionality of the file /wex/finder.php. The manipulation of the argument p leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the...

CVSS 9.1 | AI score 6 | EPSS 0.00227
Web
CVE
Added 2019/07/23 12:15 p.m. | 36 views

CVE-2019-14240

WCMS v0.3.2 has a CSRF vulnerability, with resultant directory traversal, to modify index.html via the /wex/html.php?finish=../index.html URI.

CVSS 8.1 | AI score 8 | EPSS 0.00334
Web
CVE
Added 2021/04/07 4:15 p.m. | 36 views

CVE-2020-24140

Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. It can help identify open ports, local network hosts and execute commands on local services.

CVSS 8.3 | AI score 8.2 | EPSS 0.00245
Web
CVE
Added 2021/04/07 3:15 p.m. | 35 views

CVE-2020-24138

Cross Site Scripting (XSS) vulnerability in wcms 0.3.2 allows remote attackers to inject arbitrary web script and HTML via the pagename parameter to wex/html.php.

CVSS 6.1 | AI score 5.9 | EPSS 0.00283
Web
CVE
Added 2021/04/07 4:15 p.m. | 33 views

CVE-2020-24139

Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify open ports, local network hosts and execute commands on local services.

CVSS 8.3 | AI score 8.2 | EPSS 0.00304
Web
CVE
Added 2021/04/07 3:15 p.m. | 32 views

CVE-2020-24136

Directory traversal in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the pagename parameter to wex/html.php.

CVSS 8.6 | AI score 8.4 | EPSS 0.01276
Web
CVE
Added 2023/06/27 8:15 p.m. | 31 views

CVE-2020-19902

Directory Traversal vulnerability found in Cryptoprof WCMS v.0.3.2 allows a remote attacker to execute arbitrary code via the wex/cssjs.php parameter.

CVSS 9.8 | AI score 9.6 | EPSS 0.04553
Web
CVE
Added 2021/04/07 4:15 p.m. | 31 views

CVE-2020-24137

Directory traversal vulnerability in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the path parameter to wex/cssjs.php.

CVSS 5.3 | AI score 5.2 | EPSS 0.00147
Web
CVE
Added 2019/04/20 3:29 p.m. | 28 views

CVE-2019-11377

wcms/wex/finder/action.php in WCMS v0.3.2 has an Arbitrary File Upload Vulnerability via developer/finder because .php is a valid extension according to the fm_get_text_exts function.

CVSS 8.8 | AI score 8.5 | EPSS 0.00401