Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
wcms vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2020-19902
Directory Traversal vulnerability found in Cryptoprof WCMS v.0.3.2 allows a remote malicious user to execute arbitrary code via the wex/cssjs.php parameter.
Wcms Wcms 0.3.2
NA
CVE-2023-31689
In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary strings into custom file names and upload any files, and write malicious code ...
Wcms Wcms 0.3.2
5
CVSSv2
CVE-2020-24137
Directory traversal vulnerability in Wcms 0.3.2 allows an malicious user to read arbitrary files on the server that is running an application via the path parameter to wex/cssjs.php.
Wcms Wcms 0.3.2
7.5
CVSSv2
CVE-2020-24139
Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify open ports, local network hosts and execute command on local services.
Wcms Wcms 0.3.2
7.5
CVSSv2
CVE-2020-24140
Server-side request forgery in Wcms 0.3.2 let an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. It can help identify open ports, local network hosts and execute command on local services.
Wcms Wcms 0.3.2
4.3
CVSSv2
CVE-2020-24135
A Reflected Cross Site Scripting (XSS) Vulnerability exists in Wcms 0.3.2, which allows remote malicious users to inject arbitrary web script and HTML via the type parameter to wex/cssjs.php.
Wcms Wcms 0.3.2
7.8
CVSSv2
CVE-2020-24136
Directory traversal in Wcms 0.3.2 allows an malicious user to read arbitrary files on the server that is running an application via the pagename parameter to wex/html.php.
Wcms Wcms 0.3.2
4.3
CVSSv2
CVE-2020-24138
Cross Site Scripting (XSS) vulnerability in wcms 0.3.2 allows remote malicious users to inject arbitrary web script and HTML via the pagename parameter to wex/html.php.
Wcms Wcms 0.3.2
5.8
CVSSv2
CVE-2019-14240
WCMS v0.3.2 has a CSRF vulnerability, with resultant directory traversal, to modify index.html via the /wex/html.php?finish=../index.html URI.
Wcms Wcms 0.3.2
6.5
CVSSv2
CVE-2019-11377
wcms/wex/finder/action.php in WCMS v0.3.2 has a Arbitrary File Upload Vulnerability via developer/finder because .php is a valid extension according to the fm_get_text_exts function.
Wcms Wcms 0.3.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »