Vulnerabilities > Wondercms > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-04-20 | CVE-2020-35314 | OS Command Injection vulnerability in Wondercms 3.1.3: A remote code execution vulnerability in the installUpdateThemePluginAction function in index.php in WonderCMS 3.1.3 allows remote attackers to upload a custom plugin which can contain arbitrary code and obtain a webshell via the theme/plugin installer. | 7.5 |
2021-04-20 | CVE-2020-35313 | Server-Side Request Forgery (SSRF) vulnerability in Wondercms 3.1.3: A server-side request forgery (SSRF) vulnerability in the addCustomThemePluginRepository function in index.php in WonderCMS 3.1.3 allows remote attackers to execute arbitrary code via a crafted URL to the theme/plugin installer. | 7.5 |
2019-09-12 | CVE-2019-5956 | Path Traversal vulnerability in Wondercms: Directory traversal vulnerability in WonderCMS 2.6.0 and earlier allows remote attackers to delete arbitrary files via unspecified vectors. | 7.5 |
2018-01-26 | CVE-2017-14523 | Injection vulnerability in Wondercms 2.3.1: WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. | 7.5 |
2017-03-17 | CVE-2014-8705 | Improper Input Validation vulnerability in Wondercms 2014: PHP remote file inclusion vulnerability in editInplace.php in Wonder CMS 2014 allows remote attackers to execute arbitrary PHP code via a URL in the hook parameter. | 7.5 |
2017-03-17 | CVE-2014-8704 | Path Traversal vulnerability in Wondercms 2014: Directory traversal vulnerability in index.php in Wonder CMS 2014 allows remote attackers to include and execute arbitrary local files via a crafted theme. | 7.5 |