Product:

Wcms

(Wcms)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 10
Date Id Summary Products Score Patch Annotated
2023-06-27 CVE-2020-19902 Directory Traversal vulnerability found in Cryptoprof WCMS v.0.3.2 allows a remote attacker to execute arbitrary code via the wex/cssjs.php parameter. Wcms 9.8
2023-05-22 CVE-2023-31689 In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary strings into custom file names and upload any files, and write malicious code to execute scripts to trigger command execution. Wcms 9.8
2021-04-07 CVE-2020-24136 Directory traversal in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the pagename parameter to wex/html.php. Wcms 8.6
2021-04-07 CVE-2020-24138 Cross Site Scripting (XSS) vulnerability in wcms 0.3.2 allows remote attackers to inject arbitrary web script and HTML via the pagename parameter to wex/html.php. Wcms 6.1
2021-04-07 CVE-2020-24135 A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Wcms 0.3.2, which allows remote attackers to inject arbitrary web script and HTML via the type parameter to wex/cssjs.php. Wcms 6.1
2021-04-07 CVE-2020-24140 Server-side request forgery in Wcms 0.3.2 let an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. It can help identify open ports, local network hosts and execute command on local services. Wcms 8.3
2021-04-07 CVE-2020-24139 Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify open ports, local network hosts and execute command on local services. Wcms 8.3
2021-04-07 CVE-2020-24137 Directory traversal vulnerability in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the path parameter to wex/cssjs.php. Wcms 5.3
2019-07-23 CVE-2019-14240 WCMS v0.3.2 has a CSRF vulnerability, with resultant directory traversal, to modify index.html via the /wex/html.php?finish=../index.html URI. Wcms 8.1
2019-04-20 CVE-2019-11377 wcms/wex/finder/action.php in WCMS v0.3.2 has a Arbitrary File Upload Vulnerability via developer/finder because .php is a valid extension according to the fm_get_text_exts function. Wcms 8.8