Vulnerabilities > Wolfcms > Wolf CMS > 0.5.0

DATE CVE VULNERABILITY TITLE RISK
2022-06-09 CVE-2019-25070 Cross-site Scripting vulnerability in Wolfcms Wolf CMS
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in WolfCMS up to 0.8.3.1.
network
low complexity
wolfcms CWE-79
6.1
6.1
2020-02-19 CVE-2012-1932 Cross-site Scripting vulnerability in Wolfcms Wolf CMS
A cross-site scripting (XSS) vulnerability in Wolf CMS 0.75 and earlier allows remote attackers to inject arbitrary web script or HTML via the setting[admin_email] parameter to admin/setting.
network
low complexity
wolfcms CWE-79
4.8
4.8
2017-04-14 CVE-2015-6568 Improper Input Validation vulnerability in Wolfcms Wolf CMS
Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not prevent a change of a file extension to ".php" after originally using the parameter "filename" for uploading a JPEG image.
network
low complexity
wolfcms CWE-20
8.8
8.8
2017-04-14 CVE-2015-6567 Improper Input Validation vulnerability in Wolfcms Wolf CMS
Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not validate the parameter "filename" properly.
network
low complexity
wolfcms CWE-20
8.8
8.8