Vulnerabilities > Wondercms
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-04-20 | CVE-2020-35314 | OS Command Injection vulnerability in Wondercms 3.1.3 A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer. | 7.5 |
2021-04-20 | CVE-2020-35313 | Server-Side Request Forgery (SSRF) vulnerability in Wondercms 3.1.3 A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer. | 7.5 |
2020-12-30 | CVE-2020-29469 | Cross-site Scripting vulnerability in Wondercms 3.1.3 WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Menu component. | 3.5 |
2020-12-30 | CVE-2020-29233 | Cross-site Scripting vulnerability in Wondercms 3.1.3 WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Page description component. | 3.5 |
2020-12-24 | CVE-2020-29247 | Cross-site Scripting vulnerability in Wondercms 3.1.3 WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Admin Panel. | 4.3 |
2019-09-12 | CVE-2019-5956 | Path Traversal vulnerability in Wondercms Directory traversal vulnerability in WonderCMS 2.6.0 and earlier allows remote attackers to delete arbitrary files via unspecified vectors. | 7.5 |
2018-07-18 | CVE-2018-14387 | Session Fixation vulnerability in Wondercms An issue was discovered in WonderCMS before 2.5.2. | 6.8 |
2018-02-27 | CVE-2018-7172 | Path Traversal vulnerability in Wondercms In index.php in WonderCMS before 2.4.1, remote attackers can delete arbitrary files via directory traversal. | 5.5 |
2018-02-09 | CVE-2018-1000062 | Cross-site Scripting vulnerability in Wondercms 2.4.0 WonderCMS version 2.4.0 contains a Stored Cross-Site Scripting on File Upload through SVG vulnerability in uploadFileAction(), 'svg' => 'image/svg+xml' that can result in An attacker can execute arbitrary script on an unsuspecting user's browser. | 3.5 |
2018-01-26 | CVE-2017-14523 | Injection vulnerability in Wondercms 2.3.1 ** DISPUTED ** WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. | 5.0 |