VYPR

wCMS

by wCMS

CVEs (11)

  • CVE-2023-31689CriMay 22, 2023
    risk 0.65cvss 9.8epss 0.20

    In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary strings into custom file names and upload any files, and write malicious code…

  • CVE-2019-11377HigApr 20, 2019
    risk 0.57cvss 8.8epss 0.02

    wcms/wex/finder/action.php in WCMS v0.3.2 has a Arbitrary File Upload Vulnerability via developer/finder because .php is a valid extension according to the fm_get_text_exts function.

  • CVE-2019-14240HigJul 23, 2019
    risk 0.53cvss 8.1epss 0.01

    WCMS v0.3.2 has a CSRF vulnerability, with resultant directory traversal, to modify index.html via the /wex/html.php?finish=../index.html URI.

  • CVE-2025-3800HigApr 19, 2025
    risk 0.47cvss 7.3epss 0.01

    A vulnerability has been found in WCMS 11 and classified as critical. Affected by this vulnerability is an unknown functionality of the file app/controllers/AnonymousController.php. The manipulation of the argument mobile_phone leads to sql injection. The attack can be launched…

  • CVE-2025-3799HigApr 19, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability, which was classified as critical, was found in WCMS 11. Affected is an unknown function of the file app/controllers/AnonymousController.php. The manipulation of the argument email/username leads to sql injection. It is possible to launch the attack remotely. The…

  • CVE-2025-2978MedMar 31, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in WCMS 11. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?articleadmin/upload/?&CKEditor=container&CKEditorFuncNum=1 of the component Article Publishing Page. The manipulation of the argument…

  • CVE-2026-38669MedMay 4, 2026
    risk 0.40cvss 6.1epss 0.00

    wCMS v.1.4 is vulnerable to Cross Site Scripting (XSS) when creating a new blog.

  • CVE-2025-5149MedMay 25, 2025
    risk 0.36cvss 5.6epss 0.01

    A vulnerability was found in WCMS up to 8.3.11. It has been declared as critical. Affected by this vulnerability is the function getMemberByUid of the file /index.php?articleadmin/getallcon of the component Login. The manipulation of the argument uid leads to improper…

  • CVE-2025-3798MedApr 19, 2025
    risk 0.31cvss 4.7epss 0.00

    A vulnerability, which was classified as critical, has been found in WCMS 11. This issue affects the function sub of the file app/admin/AdvadminController.php of the component Advertisement Image Handler. The manipulation leads to unrestricted upload. The attack may be initiated…

  • CVE-2025-2979LowMar 31, 2025
    risk 0.16cvss 2.4epss 0.00

    A vulnerability classified as problematic has been found in WCMS 11. This affects an unknown part of the file /index.php?anonymous/setregister of the component Registration. The manipulation of the argument Username leads to cross site scripting. It is possible to initiate the…

  • CVE-2005-4488Dec 22, 2005
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in index.tpl in Redakto WCMS 3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) iid, (2) iid2, (3) r, (4) cart, (5) str, (6) nf, and (7) a parameters.