Vulnerabilities > Wondercms > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-20 | CVE-2020-35314 | OS Command Injection vulnerability in Wondercms 3.1.3 A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3, allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer. | 9.8 |
| 2021-04-20 | CVE-2020-35313 | Server-Side Request Forgery (SSRF) vulnerability in Wondercms 3.1.3 A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer. | 9.8 |
| 2017-03-17 | CVE-2014-8705 | Improper Input Validation vulnerability in Wondercms 2014 PHP remote file inclusion vulnerability in editInplace.php in Wonder CMS 2014 allows remote attackers to execute arbitrary PHP code via a URL in the hook parameter. | 9.8 |
| 2017-03-17 | CVE-2014-8704 | Path Traversal vulnerability in Wondercms 2014 Directory traversal vulnerability in index.php in Wonder CMS 2014 allows remote attackers to include and execute arbitrary local files via a crafted theme. | 9.8 |