Vulnerabilities > Wcms

DATE CVE VULNERABILITY TITLE RISK
2024-09-15 CVE-2024-8875 Path Traversal vulnerability in Wcms
A vulnerability classified as critical was found in vedees wcms up to 0.3.2.
network
low complexity
wcms CWE-22
critical
 9.1
9.1
2023-06-27 CVE-2020-19902 Path Traversal vulnerability in Wcms 0.3.2
Directory Traversal vulnerability found in Cryptoprof WCMS v.0.3.2 allows a remote attacker to execute arbitrary code via the wex/cssjs.php parameter.
network
low complexity
wcms CWE-22
critical
 9.8
9.8
2023-05-22 CVE-2023-31689 Unrestricted Upload of File with Dangerous Type vulnerability in Wcms 0.3.2
In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter.
network
low complexity
wcms CWE-434
critical
 9.8
9.8
2021-04-07 CVE-2020-24140 Server-Side Request Forgery (SSRF) vulnerability in Wcms 0.3.2
Server-side request forgery in Wcms 0.3.2 let an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php.
network
low complexity
wcms CWE-918
8.3
8.3
2021-04-07 CVE-2020-24139 Server-Side Request Forgery (SSRF) vulnerability in Wcms 0.3.2
Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php.
network
low complexity
wcms CWE-918
8.3
8.3
2021-04-07 CVE-2020-24137 Path Traversal vulnerability in Wcms 0.3.2
Directory traversal vulnerability in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the path parameter to wex/cssjs.php.
network
low complexity
wcms CWE-22
5.3
5.3
2021-04-07 CVE-2020-24135 Cross-site Scripting vulnerability in Wcms 0.3.2
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Wcms 0.3.2, which allows remote attackers to inject arbitrary web script and HTML via the type parameter to wex/cssjs.php.
network
low complexity
wcms CWE-79
6.1
6.1
2021-04-07 CVE-2020-24138 Cross-site Scripting vulnerability in Wcms 0.3.2
Cross Site Scripting (XSS) vulnerability in wcms 0.3.2 allows remote attackers to inject arbitrary web script and HTML via the pagename parameter to wex/html.php.
network
low complexity
wcms CWE-79
6.1
6.1
2021-04-07 CVE-2020-24136 Path Traversal vulnerability in Wcms 0.3.2
Directory traversal in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the pagename parameter to wex/html.php.
network
low complexity
wcms CWE-22
8.6
8.6
2019-07-23 CVE-2019-14240 Path Traversal vulnerability in Wcms 0.3.2
WCMS v0.3.2 has a CSRF vulnerability, with resultant directory traversal, to modify index.html via the /wex/html.php?finish=../index.html URI.
network
low complexity
wcms CWE-22
8.1
8.1