Vulnerabilities > Wondercms

DATE	CVE	VULNERABILITY TITLE	RISK
2019-09-12	CVE-2019-5956	Path Traversal vulnerability in Wondercms Directory traversal vulnerability in WonderCMS 2.6.0 and earlier allows remote attackers to delete arbitrary files via unspecified vectors. network low complexity wondercms CWE-22	6.5
2018-07-18	CVE-2018-14387	Session Fixation vulnerability in Wondercms An issue was discovered in WonderCMS before 2.5.2. network low complexity wondercms CWE-384	8.8
2018-02-27	CVE-2018-7172	Path Traversal vulnerability in Wondercms In index.php in WonderCMS before 2.4.1, remote attackers can delete arbitrary files via directory traversal. network low complexity wondercms CWE-22	4.9
2018-02-09	CVE-2018-1000062	Cross-site Scripting vulnerability in Wondercms 2.4.0 WonderCMS version 2.4.0 contains a Stored Cross-Site Scripting on File Upload through SVG vulnerability in uploadFileAction(), 'svg' => 'image/svg+xml' that can result in An attacker can execute arbitrary script on an unsuspecting user's browser. network high complexity wondercms CWE-79	4.4
2018-01-26	CVE-2017-14523	Injection vulnerability in Wondercms 2.3.1 WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. network low complexity wondercms CWE-74	7.5
2018-01-26	CVE-2017-14522	Cross-site Scripting vulnerability in Wondercms 2.3.1 In WonderCMS 2.3.1, the application's input fields accept arbitrary user input resulting in execution of malicious JavaScript. network low complexity wondercms CWE-79	6.1
2018-01-26	CVE-2017-14521	Unrestricted Upload of File with Dangerous Type vulnerability in Wondercms 2.3.0/2.3.1 In WonderCMS 2.3.1, the upload functionality accepts random application extensions and leads to malicious File Upload. network low complexity wondercms CWE-434	8.8
2017-04-21	CVE-2017-7951	Cross-Site Request Forgery (CSRF) vulnerability in Wondercms WonderCMS before 2.0.3 has CSRF because of lack of a token in an unspecified context. network low complexity wondercms CWE-352	8.8
2017-03-17	CVE-2014-8705	Improper Input Validation vulnerability in Wondercms 2014 PHP remote file inclusion vulnerability in editInplace.php in Wonder CMS 2014 allows remote attackers to execute arbitrary PHP code via a URL in the hook parameter. network low complexity wondercms CWE-20 critical	9.8
2017-03-17	CVE-2014-8704	Path Traversal vulnerability in Wondercms 2014 Directory traversal vulnerability in index.php in Wonder CMS 2014 allows remote attackers to include and execute arbitrary local files via a crafted theme. network low complexity wondercms CWE-22 critical	9.8

Vulnerabilities > Wondercms {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Wondercms"}]}

Vulnerabilities > Wondercms