VYPR
Vendor: Wtcms

Products: 1
CVEs: 14
Across products: 14
Status: Private

Recent CVEs (14)

  • CVE-2024-48237 | Critical | Oct 25, 2024
    risk 0.64 | cvss 9.8 | epss 0.00

    WTCMS 1.0 is vulnerable to Incorrect Access Control in \Common\Controller\HomebaseController.class.php.

  • CVE-2019-8908 | Critical | Feb 18, 2019
    risk 0.64 | cvss 9.8 | epss 0.02

    An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the "Setting -> Mailbox configuration -> Registration email template" screen, and uploading an image file, as demonstrated by a .php filename and the "Content-Type:…

  • CVE-2019-8910 | High | Feb 18, 2019
    risk 0.57 | cvss 8.8 | epss 0.01

    An issue was discovered in WTCMS 1.0. It allows index.php?g=admin&m=setting&a=site_post CSRF.

  • CVE-2019-8909 | High | Feb 18, 2019
    risk 0.49 | cvss 7.5 | epss 0.02

    An issue was discovered in WTCMS 1.0. It allows remote attackers to cause a denial of service (resource consumption) via crafted dimensions for the verification code image.

  • CVE-2020-20343 | Medium | Sep 1, 2021
    risk 0.42 | cvss 6.5 | epss 0.00

    WTCMS 1.0 contains a cross-site request forgery (CSRF) vulnerability in the index.php?g=admin&m=nav&a=add_post component that allows attackers to arbitrarily add articles in the administrator background.

  • CVE-2019-16719 | Medium | Sep 23, 2019
    risk 0.42 | cvss 6.5 | epss 0.01

    WTCMS 1.0 allows index.php?g=admin&m=index&a=index CSRF with resultant XSS.

  • CVE-2019-8911 | Medium | Feb 18, 2019
    risk 0.40 | cvss 6.1 | epss 0.01

    An issue was discovered in WTCMS 1.0. It has stored XSS via the third text box (for the website statistics code).

  • CVE-2020-20349 | Medium | Sep 1, 2021
    risk 0.35 | cvss 5.4 | epss 0.01

    WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the link address field under the background links module.

  • CVE-2020-20348 | Medium | Sep 1, 2021
    risk 0.35 | cvss 5.4 | epss 0.01

    WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the link field under the background menu management module.

  • CVE-2020-20347 | Medium | Sep 1, 2021
    risk 0.35 | cvss 5.4 | epss 0.01

    WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the source field under the article management module.

  • CVE-2020-20345 | Medium | Sep 1, 2021
    risk 0.35 | cvss 5.4 | epss 0.01

    WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the page management background which allows attackers to obtain cookies via a crafted payload entered into the search box.

  • CVE-2020-20344 | Medium | Sep 1, 2021
    risk 0.35 | cvss 5.4 | epss 0.01

    WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the keyword search function under the background articles module.

  • CVE-2024-48239 | Medium | Oct 25, 2024
    risk 0.31 | cvss 4.8 | epss 0.00

    An issue was discovered in WTCMS 1.0. In the plupload method in \AssetController.class.php, the app parameters aren't processed, resulting in Cross Site Scripting (XSS).

  • CVE-2024-48238 | Medium | Oct 25, 2024
    risk 0.31 | cvss 4.7 | epss 0.00

    WTCMS 1.0 is vulnerable to SQL Injection in the edit_post method of /Admin\Controller\NavControl.class.php via the parentid parameter.