Vulnerabilities > Wolfcms > High

DATE CVE VULNERABILITY TITLE RISK
2017-04-14 CVE-2015-6568 Improper Input Validation vulnerability in Wolfcms Wolf CMS
Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not prevent a change of a file extension to ".php" after originally using the parameter "filename" for uploading a JPEG image.
network
low complexity
wolfcms CWE-20
8.8
8.8
2017-04-14 CVE-2015-6567 Improper Input Validation vulnerability in Wolfcms Wolf CMS
Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not validate the parameter "filename" properly.
network
low complexity
wolfcms CWE-20
8.8
8.8