📦 Wtcms

WTCMS 1.0 has an incorrect access control vulnerability in the HomebaseController that allows attackers to bypass authentication and authorization mechanisms. This affects all installations of WTCMS 1...

This CVE describes a remote code injection vulnerability in taosir WTCMS that allows attackers to execute arbitrary code by manipulating the 'content' parameter in the fetch function. The vulnerabilit...

This CVE describes an SQL injection vulnerability in taosir WTCMS's SlideController component. Attackers can exploit this to execute arbitrary SQL commands on the database. All installations up to com...

This CVE describes a SQL injection vulnerability in taosir WTCMS's comment administration component. Attackers can remotely exploit this flaw by manipulating comment IDs to execute arbitrary SQL comma...

This vulnerability in WTCMS 1.0 allows attackers to inject malicious scripts via the plupload method in AssetController.class.php due to improper input sanitization. This affects all users of WTCMS 1....