VYPR

Wtcms

by Taosir

CVEs (5)

  • CVE-2019-8908CriFeb 18, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the "Setting -> Mailbox configuration -> Registration email template" screen, and uploading an image file, as demonstrated by a .php filename and the "Content-Type:…

  • CVE-2019-8909HigFeb 18, 2019
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in WTCMS 1.0. It allows remote attackers to cause a denial of service (resource consumption) via crafted dimensions for the verification code image.

  • CVE-2020-20343MedSep 1, 2021
    risk 0.42cvss 6.5epss 0.00

    WTCMS 1.0 contains a cross-site request forgery (CSRF) vulnerability in the index.php?g=admin&m=nav&a=add_post component that allows attackers to arbitrarily add articles in the administrator background.

  • CVE-2019-8911MedFeb 18, 2019
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in WTCMS 1.0. It has stored XSS via the third text box (for the website statistics code).

  • CVE-2020-20349MedSep 1, 2021
    risk 0.35cvss 5.4epss 0.01

    WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the link address field under the background links module.