Vulnerabilities > Wbce
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-10 | CVE-2023-39796 | SQL Injection vulnerability in Wbce CMS 1.6.0 SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 allows remote unauthenticated attacker to execute arbitrary code via the DB_RECORD_TABLE parameter. | 9.8 |
| 2023-10-21 | CVE-2023-46054 | Cross-site Scripting vulnerability in Wbce CMS Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the website_footer parameter in the admin/settings/save.php component. | 5.4 |
| 2023-09-28 | CVE-2023-43871 | Cross-site Scripting vulnerability in Wbce CMS 1.6.1 A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS). | 5.4 |
| 2023-08-03 | CVE-2023-38947 | Unrestricted Upload of File with Dangerous Type vulnerability in Wbce CMS 1.6.1 An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file. | 7.2 |
| 2023-04-18 | CVE-2023-29855 | Command Injection vulnerability in Wbce CMS 1.5.3 WBCE CMS 1.5.3 has a command execution vulnerability via admin/languages/install.php. | 7.2 |
| 2022-12-20 | CVE-2022-46020 | Unrestricted Upload of File with Dangerous Type vulnerability in Wbce CMS 1.5.4 WBCE CMS v1.5.4 can implement getshell by modifying the upload file type. | 9.8 |
| 2022-11-25 | CVE-2022-45036 | Cross-site Scripting vulnerability in Wbce CMS 1.5.4 A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field. | 5.4 |
| 2022-11-25 | CVE-2022-45037 | Cross-site Scripting vulnerability in Wbce CMS 1.5.4 A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field. | 5.4 |
| 2022-11-25 | CVE-2022-45038 | Cross-site Scripting vulnerability in Wbce CMS 1.5.4 A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field. | 5.4 |
| 2022-11-25 | CVE-2022-45039 | Unrestricted Upload of File with Dangerous Type vulnerability in Wbce CMS 1.5.4 An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file. | 7.2 |