Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wcms wcms 0.3.2 vulnerabilities and exploits
(subscribe to this query)
5.8
CVSSv2
CVE-2019-14240
WCMS v0.3.2 has a CSRF vulnerability, with resultant directory traversal, to modify index.html via the /wex/html.php?finish=../index.html URI.
Wcms Wcms 0.3.2
7.8
CVSSv2
CVE-2020-24136
Directory traversal in Wcms 0.3.2 allows an malicious user to read arbitrary files on the server that is running an application via the pagename parameter to wex/html.php.
Wcms Wcms 0.3.2
4.3
CVSSv2
CVE-2020-24138
Cross Site Scripting (XSS) vulnerability in wcms 0.3.2 allows remote malicious users to inject arbitrary web script and HTML via the pagename parameter to wex/html.php.
Wcms Wcms 0.3.2
NA
CVE-2020-19902
Directory Traversal vulnerability found in Cryptoprof WCMS v.0.3.2 allows a remote malicious user to execute arbitrary code via the wex/cssjs.php parameter.
Wcms Wcms 0.3.2
4.3
CVSSv2
CVE-2020-24135
A Reflected Cross Site Scripting (XSS) Vulnerability exists in Wcms 0.3.2, which allows remote malicious users to inject arbitrary web script and HTML via the type parameter to wex/cssjs.php.
Wcms Wcms 0.3.2
5
CVSSv2
CVE-2020-24137
Directory traversal vulnerability in Wcms 0.3.2 allows an malicious user to read arbitrary files on the server that is running an application via the path parameter to wex/cssjs.php.
Wcms Wcms 0.3.2
7.5
CVSSv2
CVE-2020-24139
Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify open ports, local network hosts and execute command on local services.
Wcms Wcms 0.3.2
7.5
CVSSv2
CVE-2020-24140
Server-side request forgery in Wcms 0.3.2 let an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. It can help identify open ports, local network hosts and execute command on local services.
Wcms Wcms 0.3.2
6.5
CVSSv2
CVE-2019-11377
wcms/wex/finder/action.php in WCMS v0.3.2 has a Arbitrary File Upload Vulnerability via developer/finder because .php is a valid extension according to the fm_get_text_exts function.
Wcms Wcms 0.3.2
NA
CVE-2023-31689
In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary strings into custom file names and upload any files, and write malicious code ...
Wcms Wcms 0.3.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started