Vulnerabilities > Wbce
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-28 | CVE-2022-28477 | Cross-site Scripting vulnerability in Wbce CMS 1.5.2 WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS). | 6.1 |
2022-02-24 | CVE-2022-25099 | Unspecified vulnerability in Wbce CMS 1.5.2 A vulnerability in the component /languages/index.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file. | 7.8 |
2022-02-24 | CVE-2022-25101 | Unspecified vulnerability in Wbce CMS 1.5.2 A vulnerability in the component /templates/install.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file. | 7.8 |
2021-12-09 | CVE-2021-3817 | SQL Injection vulnerability in Wbce CMS wbce_cms is vulnerable to Improper Neutralization of Special Elements used in an SQL Command | 9.8 |
2019-10-14 | CVE-2019-17575 | Use of Incorrectly-Resolved Name or Reference vulnerability in Wbce CMS A file-rename filter bypass exists in admin/media/rename.php in WBCE CMS 1.4.0 and earlier. | 7.2 |
2018-01-25 | CVE-2018-6313 | Cross-site Scripting vulnerability in Wbce CMS 1.3.1 Cross-site scripting (XSS) in WBCE CMS 1.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the Modify Page screen, a different issue than CVE-2017-2118. | 4.8 |
2017-11-17 | CVE-2017-1000213 | Cross-site Scripting vulnerability in Wbce CMS 1.1.11 WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=user_search | 4.8 |
2017-04-28 | CVE-2017-2120 | SQL Injection vulnerability in Wbce CMS SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors. | 7.2 |
2017-04-28 | CVE-2017-2119 | Path Traversal vulnerability in Wbce CMS Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | 8.6 |
2017-04-28 | CVE-2017-2118 | Cross-site Scripting vulnerability in Wbce CMS Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |