VYPR
Vendor

Shadoweb

Products
1
CVEs
5
Across products
5
Status
Private

Products

1

Recent CVEs

5
  • CVE-2021-42185CriMay 4, 2022
    risk 0.64cvss 9.8epss 0.01

    wdja v2.1 is affected by a SQL injection vulnerability in the foreground search function.

  • CVE-2020-20982CriNov 3, 2021
    risk 0.63cvss 9.6epss 0.06

    Cross Site Scripting (XSS) vulnerability in shadoweb wdja v1.5.1, allows attackers to execute arbitrary code and gain escalated privileges, via the backurl parameter to /php/passport/index.php.

  • CVE-2020-21648CriOct 6, 2021
    risk 0.59cvss 9.1epss 0.01

    WDJA CMS v1.5.2 contains an arbitrary file deletion vulnerability in the component admin/cache/manage.php.

  • CVE-2020-21658MedOct 6, 2021
    risk 0.42cvss 6.5epss 0.00

    A Cross-Site Request Forgery (CSRF) in WDJA CMS v1.5.2 allows attackers to arbitrarily add administrator accounts via a crafted URL.

  • CVE-2020-23631MedJan 11, 2021
    risk 0.40cvss 6.1epss 0.00

    Cross-site request forgery (CSRF) in admin/global/manage.php in WDJA CMS 1.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via the tongji parameter.