Wtcms Security Vulnerabilities and Issues — Wtcms CVE List

Lucene search

Wtcms ProjectWtcms

5 matches found

CVE•added 2019/02/18 6:29 p.m.•36 views

CVE-2019-8908

An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the "Setting -> Mailbox configuration -> Registration email template" screen, and uploading an image file, as demonstrated by a .php filename and the "Content-Type: image/gif" header.

9.8CVSS9.7AI score0.00842EPSS

CVE•added 2019/02/18 6:29 p.m.•34 views

CVE-2019-8909

An issue was discovered in WTCMS 1.0. It allows remote attackers to cause a denial of service (resource consumption) via crafted dimensions for the verification code image.

7.5CVSS7.5AI score0.0065EPSS

CVE•added 2019/09/23 2:15 p.m.•31 views

CVE-2019-16719

WTCMS 1.0 allows index.php?g=admin&m=index&a=index CSRF with resultant XSS.

6.5CVSS6.5AI score0.00118EPSS

CVE•added 2019/02/18 6:29 p.m.•30 views

CVE-2019-8910

An issue was discovered in WTCMS 1.0. It allows index.php?g=admin&m=setting&a=site_post CSRF.

8.8CVSS8.6AI score0.00145EPSS

CVE•added 2019/02/18 6:29 p.m.•29 views

CVE-2019-8911

An issue was discovered in WTCMS 1.0. It has stored XSS via the third text box (for the website statistics code).

6.1CVSS5.9AI score0.0024EPSS