Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
webedition cms vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2014-2302
The installer script in webEdition CMS prior to 6.2.7-s1 and 6.3.x prior to 6.3.8-s1 allows remote malicious users to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org.
Webedition Webedition Cms 6.2.7.0
Webedition Webedition Cms
Webedition Webedition Cms 6.3.8
7.5
CVSSv2
CVE-2014-2303
Multiple SQL injection vulnerabilities in the file browser component (we_fs.php) in webEdition CMS prior to 6.2.7-s1.2 and 6.3.x up to and including 6.3.8 before -s1 allow remote malicious users to execute arbitrary SQL commands via the (1) table or (2) order parameter.
Webedition Webedition Cms 6.3.8.0
Webedition Webedition Cms 6.3.3.0
Webedition Webedition Cms 6.2.7.0
1 EDB exploit
4
CVSSv2
CVE-2014-5258
Directory traversal vulnerability in showTempFile.php in webEdition CMS prior to 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.
Webedition Webedition Cms
1 EDB exploit
7.5
CVSSv2
CVE-2008-4154
SQL injection vulnerability in living-e webEdition CMS allows remote malicious users to execute arbitrary SQL commands via the we_objectID parameter.
Living-e Webedition Cms
1 EDB exploit
NA
CVE-2024-28417
Webedition CMS 9.2.2.0 has a Stored XSS vulnerability via /webEdition/we_cmd.php.
NA
CVE-2024-28418
Webedition CMS 9.2.2.0 has a File upload vulnerability via /webEdition/we_cmd.php
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcoded
arbitrary code
CVE-2024-2404
CVE-2024-21111
CVE-2024-28627
CVE-2024-4073
information disclosure
CVE-2024-32780
CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started