Wtcms Project: Wtcms 1.0

15 matches found

Added 2024/10/25 10:15 p.m. | 57 views

CVE-2024-48239

An issue was discovered in WTCMS 1.0. In the plupload method in \AssetController.class.php, the app parameters aren't processed, resulting in Cross Site Scripting (XSS).

CVSS 4.8 | AI score 6.3 | EPSS 0.00068

Added 2024/10/25 10:15 p.m. | 47 views

CVE-2024-48237

WTCMS 1.0 is vulnerable to Incorrect Access Control in \Common\Controller\HomebaseController.class.php.

CVSS 9.8 | AI score 6.6 | EPSS 0.00157

Added 2024/10/25 10:15 p.m. | 41 views

CVE-2024-48238

WTCMS 1.0 is vulnerable to SQL Injection in the edit_post method of /Admin\Controller\NavControl.class.php via the parentid parameter.

CVSS 4.7 | AI score 7.7 | EPSS 0.00099

Added 2019/02/18 6:29 p.m. | 36 views

CVE-2019-8908

An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the "Setting -> Mailbox configuration -> Registration email template" screen, and uploading an image file, as demonstrated by a .php filename and the "Content-Type: image/gif" header.

CVSS 9.8 | AI score 9.7 | EPSS 0.00842

Added 2019/02/18 6:29 p.m. | 34 views

CVE-2019-8909

An issue was discovered in WTCMS 1.0. It allows remote attackers to cause a denial of service (resource consumption) via crafted dimensions for the verification code image.

CVSS 7.5 | AI score 7.5 | EPSS 0.0065

Added 2021/09/01 10:15 p.m. | 34 views

CVE-2020-20343

WTCMS 1.0 contains a cross-site request forgery (CSRF) vulnerability in the index.php?g=admin&m=nav&a=add_post component that allows attackers to arbitrarily add articles in the administrator background.

CVSS 6.5 | AI score 6.4 | EPSS 0.00098

Added 2021/09/01 10:15 p.m. | 34 views

CVE-2020-20345

WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the page management background which allows attackers to obtain cookies via a crafted payload entered into the search box.

CVSS 5.4 | AI score 5.1 | EPSS 0.00296

Added 2021/09/01 10:15 p.m. | 33 views

CVE-2020-20349

WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the link address field under the background links module.

CVSS 5.4 | AI score 5.2 | EPSS 0.00261

Added 2019/09/23 2:15 p.m. | 31 views

CVE-2019-16719

WTCMS 1.0 allows index.php?g=admin&m=index&a=index CSRF with resultant XSS.

CVSS 6.5 | AI score 6.5 | EPSS 0.00118

Added 2021/09/01 10:15 p.m. | 31 views

CVE-2020-20344

WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the keyword search function under the background articles module.

CVSS 5.4 | AI score 5.2 | EPSS 0.00261

Added 2019/02/18 6:29 p.m. | 30 views

CVE-2019-8910

An issue was discovered in WTCMS 1.0. It allows index.php?g=admin&m=setting&a=site_post CSRF.

CVSS 8.8 | AI score 8.6 | EPSS 0.00145

Added 2019/02/18 6:29 p.m. | 29 views

CVE-2019-8911

An issue was discovered in WTCMS 1.0. It has stored XSS via the third text box (for the website statistics code).

CVSS 6.1 | AI score 5.9 | EPSS 0.0024

Added 2021/09/01 10:15 p.m. | 29 views

CVE-2020-20347

WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the source field under the article management module.

CVSS 5.4 | AI score 5.2 | EPSS 0.00261

Added 2018/04/22 1:29 a.m. | 28 views

CVE-2018-10267

WTCMS 1.0 has a CSRF vulnerability to add an administrator account via the index.php?admin&m=user&a=add_post URI.

CVSS 8.8 | AI score 8.5 | EPSS 0.00145

Added 2021/09/01 10:15 p.m. | 25 views

CVE-2020-20348

WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the link field under the background menu management module.

CVSS 5.4 | AI score 5.2 | EPSS 0.00261