Wondercms Security Vulnerabilities and Issues — Wondercms CVE List

Lucene search

WondercmsWondercms

2 matches found

CVE•added 2018/02/09 11:29 p.m.•44 views

CVE-2018-1000062

WonderCMS version 2.4.0 contains a Stored Cross-Site Scripting on File Upload through SVG vulnerability in uploadFileAction(), 'svg' => 'image/svg+xml' that can result in An attacker can execute arbitrary script on an unsuspecting user's browser. This attack appear to be exploitable via Crafted ...

4.4CVSS4.7AI score0.00206EPSS

CVE•added 2018/02/27 3:29 p.m.•30 views

CVE-2018-7172

In index.php in WonderCMS before 2.4.1, remote attackers can delete arbitrary files via directory traversal.

5.5CVSS5.3AI score0.01368EPSS