Vulmon
webedition vulnerabilities and exploits
668
VMScore
CVE-2014-2302
The installer script in webEdition CMS prior to 6.2.7-s1 and 6.3.x prior to 6.3.8-s1 allows remote malicious users to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org.
Webedition Webedition Cms 6.2.7.0
Webedition Webedition Cms
Webedition Webedition Cms 6.3.8
755
VMScore
CVE-2014-2303
Multiple SQL injection vulnerabilities in the file browser component (we_fs.php) in webEdition CMS prior to 6.2.7-s1.2 and 6.3.x up to and including 6.3.8 before -s1 allow remote malicious users to execute arbitrary SQL commands via the (1) table or (2) order parameter.
Webedition Webedition Cms 6.3.8.0
Webedition Webedition Cms 6.3.3.0
Webedition Webedition Cms 6.2.7.0
1 EDB exploit
515
VMScore
CVE-2009-1222
Directory traversal vulnerability in index.php in webEdition 6.0.0.4 and previous versions, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote malicious users to include and execute arbitrary files via a .. (dot dot) in the WE_LANGUAGE parameter.
Webedition Webedition 6.0.0.4
1 EDB exploit
405
VMScore
CVE-2014-5258
Directory traversal vulnerability in showTempFile.php in webEdition CMS prior to 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.
Webedition Webedition Cms
1 EDB exploit
755
VMScore
CVE-2008-4154
SQL injection vulnerability in living-e webEdition CMS allows remote malicious users to execute arbitrary SQL commands via the we_objectID parameter.
Living-e Webedition Cms
1 EDB exploit
NA
CVE-2024-28417
Webedition CMS 9.2.2.0 has a Stored XSS vulnerability via /webEdition/we_cmd.php.
NA
CVE-2024-28418
Webedition CMS 9.2.2.0 has a File upload vulnerability via /webEdition/we_cmd.php.