Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wcms wcms 0.3.2 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2020-19902
Directory Traversal vulnerability found in Cryptoprof WCMS v.0.3.2 allows a remote malicious user to execute arbitrary code via the wex/cssjs.php parameter.
Wcms Wcms 0.3.2
9.8
CVSSv3
CVE-2023-31689
In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary strings into custom file names and upload any files, and write malicious code ...
Wcms Wcms 0.3.2
8.3
CVSSv3
CVE-2020-24139
Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify open ports, local network hosts and execute command on local services.
Wcms Wcms 0.3.2
6.1
CVSSv3
CVE-2020-24135
A Reflected Cross Site Scripting (XSS) Vulnerability exists in Wcms 0.3.2, which allows remote malicious users to inject arbitrary web script and HTML via the type parameter to wex/cssjs.php.
Wcms Wcms 0.3.2
5.3
CVSSv3
CVE-2020-24137
Directory traversal vulnerability in Wcms 0.3.2 allows an malicious user to read arbitrary files on the server that is running an application via the path parameter to wex/cssjs.php.
Wcms Wcms 0.3.2
8.3
CVSSv3
CVE-2020-24140
Server-side request forgery in Wcms 0.3.2 let an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. It can help identify open ports, local network hosts and execute command on local services.
Wcms Wcms 0.3.2
8.6
CVSSv3
CVE-2020-24136
Directory traversal in Wcms 0.3.2 allows an malicious user to read arbitrary files on the server that is running an application via the pagename parameter to wex/html.php.
Wcms Wcms 0.3.2
6.1
CVSSv3
CVE-2020-24138
Cross Site Scripting (XSS) vulnerability in wcms 0.3.2 allows remote malicious users to inject arbitrary web script and HTML via the pagename parameter to wex/html.php.
Wcms Wcms 0.3.2
8.1
CVSSv3
CVE-2019-14240
WCMS v0.3.2 has a CSRF vulnerability, with resultant directory traversal, to modify index.html via the /wex/html.php?finish=../index.html URI.
Wcms Wcms 0.3.2
8.8
CVSSv3
CVE-2019-11377
wcms/wex/finder/action.php in WCMS v0.3.2 has a Arbitrary File Upload Vulnerability via developer/finder because .php is a valid extension according to the fm_get_text_exts function.
Wcms Wcms 0.3.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started