Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
webedition webedition cms vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2014-2302
The installer script in webEdition CMS prior to 6.2.7-s1 and 6.3.x prior to 6.3.8-s1 allows remote malicious users to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org.
Webedition Webedition Cms 6.2.7.0
Webedition Webedition Cms
Webedition Webedition Cms 6.3.8
755
VMScore
CVE-2014-2303
Multiple SQL injection vulnerabilities in the file browser component (we_fs.php) in webEdition CMS prior to 6.2.7-s1.2 and 6.3.x up to and including 6.3.8 before -s1 allow remote malicious users to execute arbitrary SQL commands via the (1) table or (2) order parameter.
Webedition Webedition Cms 6.3.8.0
Webedition Webedition Cms 6.3.3.0
Webedition Webedition Cms 6.2.7.0
1 EDB exploit
405
VMScore
CVE-2014-5258
Directory traversal vulnerability in showTempFile.php in webEdition CMS prior to 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.
Webedition Webedition Cms
1 EDB exploit
755
VMScore
CVE-2008-4154
SQL injection vulnerability in living-e webEdition CMS allows remote malicious users to execute arbitrary SQL commands via the we_objectID parameter.
Living-e Webedition Cms
1 EDB exploit
NA
CVE-2024-28417
Webedition CMS 9.2.2.0 has a Stored XSS vulnerability via /webEdition/we_cmd.php.
NA
CVE-2024-28418
Webedition CMS 9.2.2.0 has a File upload vulnerability via /webEdition/we_cmd.php
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
administrator privileges
CVE-2024-1579
hardcoded
CVE-2023-20198
CVE-2024-33587
CVE-2024-33449
CVE-2024-4308
HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started