📦 Wcms

CVE-2020-19902 is a critical directory traversal vulnerability in Cryptoprof WCMS v0.3.2 that allows remote attackers to execute arbitrary code via the wex/cssjs.php parameter. This affects all system...

This vulnerability in Wcms 0.3.2 allows unauthenticated attackers to upload arbitrary files and execute malicious code through crafted requests to the /wcms/wex/html.php endpoint. Attackers can achiev...

This critical SQL injection vulnerability in WCMS 11 allows remote attackers to execute arbitrary SQL commands by manipulating email/username parameters in the AnonymousController.php file. Attackers ...

CVE-2020-24139 is a server-side request forgery (SSRF) vulnerability in Wcms 0.3.2 that allows attackers to make arbitrary HTTP requests from the vulnerable server via the path parameter in wex/cssjs....

This CVE describes an improper authentication vulnerability in WCMS that allows attackers to bypass authentication mechanisms by manipulating the uid parameter in the getMemberByUid function. The vuln...