Vulnerabilities > Wbce

DATE CVE VULNERABILITY TITLE RISK
2022-04-28 CVE-2022-28477 Cross-site Scripting vulnerability in Wbce CMS 1.5.2
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS).
network
low complexity
wbce CWE-79
6.1
2022-02-24 CVE-2022-25099 Unspecified vulnerability in Wbce CMS 1.5.2
A vulnerability in the component /languages/index.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file.
local
low complexity
wbce
7.8
2022-02-24 CVE-2022-25101 Unspecified vulnerability in Wbce CMS 1.5.2
A vulnerability in the component /templates/install.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file.
local
low complexity
wbce
7.8
2021-12-09 CVE-2021-3817 SQL Injection vulnerability in Wbce CMS
wbce_cms is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
network
low complexity
wbce CWE-89
critical
9.8
2019-10-14 CVE-2019-17575 Use of Incorrectly-Resolved Name or Reference vulnerability in Wbce CMS
A file-rename filter bypass exists in admin/media/rename.php in WBCE CMS 1.4.0 and earlier.
network
low complexity
wbce CWE-706
7.2
2018-01-25 CVE-2018-6313 Cross-site Scripting vulnerability in Wbce CMS 1.3.1
Cross-site scripting (XSS) in WBCE CMS 1.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the Modify Page screen, a different issue than CVE-2017-2118.
network
low complexity
wbce CWE-79
4.8
2017-11-17 CVE-2017-1000213 Cross-site Scripting vulnerability in Wbce CMS 1.1.11
WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=user_search
network
low complexity
wbce CWE-79
4.8
2017-04-28 CVE-2017-2120 SQL Injection vulnerability in Wbce CMS
SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
wbce CWE-89
7.2
2017-04-28 CVE-2017-2119 Path Traversal vulnerability in Wbce CMS
Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors.
network
low complexity
wbce CWE-22
8.6
2017-04-28 CVE-2017-2118 Cross-site Scripting vulnerability in Wbce CMS
Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
wbce CWE-79
6.1