Vulnerabilities > Wbce > Wbce CMS

DATE CVE VULNERABILITY TITLE RISK
2023-11-10 CVE-2023-39796 SQL Injection vulnerability in Wbce CMS 1.6.0
SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 allows remote unauthenticated attacker to execute arbitrary code via the DB_RECORD_TABLE parameter.
network
low complexity
wbce CWE-89
critical
9.8
2023-10-21 CVE-2023-46054 Cross-site Scripting vulnerability in Wbce CMS
Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the website_footer parameter in the admin/settings/save.php component.
network
low complexity
wbce CWE-79
5.4
2023-09-28 CVE-2023-43871 Cross-site Scripting vulnerability in Wbce CMS 1.6.1
A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS).
network
low complexity
wbce CWE-79
5.4
2023-08-03 CVE-2023-38947 Unrestricted Upload of File with Dangerous Type vulnerability in Wbce CMS 1.6.1
An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file.
network
low complexity
wbce CWE-434
7.2
2023-04-18 CVE-2023-29855 Command Injection vulnerability in Wbce CMS 1.5.3
WBCE CMS 1.5.3 has a command execution vulnerability via admin/languages/install.php.
network
low complexity
wbce CWE-77
7.2
2022-12-20 CVE-2022-46020 Unrestricted Upload of File with Dangerous Type vulnerability in Wbce CMS 1.5.4
WBCE CMS v1.5.4 can implement getshell by modifying the upload file type.
network
low complexity
wbce CWE-434
critical
9.8
2022-11-25 CVE-2022-45036 Cross-site Scripting vulnerability in Wbce CMS 1.5.4
A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field.
network
low complexity
wbce CWE-79
5.4
2022-11-25 CVE-2022-45037 Cross-site Scripting vulnerability in Wbce CMS 1.5.4
A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field.
network
low complexity
wbce CWE-79
5.4
2022-11-25 CVE-2022-45038 Cross-site Scripting vulnerability in Wbce CMS 1.5.4
A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field.
network
low complexity
wbce CWE-79
5.4
2022-11-25 CVE-2022-45039 Unrestricted Upload of File with Dangerous Type vulnerability in Wbce CMS 1.5.4
An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file.
network
low complexity
wbce CWE-434
7.2