Vulnerabilities > Wbce > Wbce CMS > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-03 | CVE-2023-38947 | Unrestricted Upload of File with Dangerous Type vulnerability in Wbce CMS 1.6.1 An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file. | 7.2 |
| 2023-04-18 | CVE-2023-29855 | Command Injection vulnerability in Wbce CMS 1.5.3 WBCE CMS 1.5.3 has a command execution vulnerability via admin/languages/install.php. | 7.2 |
| 2022-11-25 | CVE-2022-45039 | Unrestricted Upload of File with Dangerous Type vulnerability in Wbce CMS 1.5.4 An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file. | 7.2 |
| 2022-11-15 | CVE-2022-4006 | Improper Restriction of Excessive Authentication Attempts vulnerability in Wbce CMS A vulnerability, which was classified as problematic, has been found in WBCE CMS. | 7.5 |
| 2022-02-24 | CVE-2022-25099 | Unspecified vulnerability in Wbce CMS 1.5.2 A vulnerability in the component /languages/index.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file. | 7.8 |
| 2022-02-24 | CVE-2022-25101 | Unspecified vulnerability in Wbce CMS 1.5.2 A vulnerability in the component /templates/install.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file. | 7.8 |
| 2019-10-14 | CVE-2019-17575 | Use of Incorrectly-Resolved Name or Reference vulnerability in Wbce CMS A file-rename filter bypass exists in admin/media/rename.php in WBCE CMS 1.4.0 and earlier. | 7.2 |
| 2017-04-28 | CVE-2017-2120 | SQL Injection vulnerability in Wbce CMS SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors. | 7.2 |
| 2017-04-28 | CVE-2017-2119 | Path Traversal vulnerability in Wbce CMS Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | 8.6 |