VYPR

Wcms

by Vedees

Source repositories

CVEs (8)

  • CVE-2019-11377HigApr 20, 2019
    risk 0.57cvss 8.8epss 0.02

    wcms/wex/finder/action.php in WCMS v0.3.2 has a Arbitrary File Upload Vulnerability via developer/finder because .php is a valid extension according to the fm_get_text_exts function.

  • CVE-2020-24136HigApr 7, 2021
    risk 0.56cvss 8.6epss 0.02

    Directory traversal in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the pagename parameter to wex/html.php.

  • CVE-2020-24140HigApr 7, 2021
    risk 0.54cvss 8.3epss 0.01

    Server-side request forgery in Wcms 0.3.2 let an attacker send crafted requests from the back-end server of a vulnerable web application via the pagename parameter to wex/html.php. It can help identify open ports, local network hosts and execute command on local services.

  • CVE-2020-24139HigApr 7, 2021
    risk 0.54cvss 8.3epss 0.01

    Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end server of a vulnerable web application via the path parameter to wex/cssjs.php. It can help identify open ports, local network hosts and execute command on local services.

  • CVE-2020-24135MedApr 7, 2021
    risk 0.40cvss 6.1epss 0.01

    A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Wcms 0.3.2, which allows remote attackers to inject arbitrary web script and HTML via the type parameter to wex/cssjs.php.

  • CVE-2020-24138MedApr 7, 2021
    risk 0.40cvss 6.1epss 0.01

    Cross Site Scripting (XSS) vulnerability in wcms 0.3.2 allows remote attackers to inject arbitrary web script and HTML via the pagename parameter to wex/html.php.

  • CVE-2024-8875MedSep 15, 2024
    risk 0.35cvss 5.4epss 0.01

    A vulnerability classified as critical was found in vedees wcms up to 0.3.2. Affected by this vulnerability is an unknown functionality of the file /wex/finder.php. The manipulation of the argument p leads to path traversal. The attack can be launched remotely. The exploit has…

  • CVE-2020-24137MedApr 7, 2021
    risk 0.35cvss 5.3epss 0.01

    Directory traversal vulnerability in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the path parameter to wex/cssjs.php.