Latest wbce wbce cms Vulnerabilities

CVE-2023-39796
SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 allows remote unauthenticated attacker to execute arbitrary code via the DB_RECORD_TABLE parameter.
Wbce Wbce Cms=1.6.0
CVE-2023-46054
Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the website_footer parameter in the admin/settings/save....
Wbce Wbce Cms<=1.6.1
CVE-2023-43871
A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS).
Wbce Wbce Cms=1.6.1
CVE-2023-38947
An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file.
Wbce Wbce Cms=1.6.1
CVE-2023-29855
WBCE CMS 1.5.3 has a command execution vulnerability via admin/languages/install.php.
Wbce Wbce Cms=1.5.3
CVE-2022-46020
WBCE CMS v1.5.4 can implement getshell by modifying the upload file type.
Wbce Wbce Cms=1.5.4
CVE-2022-45039
An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file.
Wbce Wbce Cms=1.5.4
CVE-2022-45040
A cross-site scripting (XSS) vulnerability in /admin/pages/sections_save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name S...
Wbce Wbce Cms=1.5.4
CVE-2022-45036
A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results...
Wbce Wbce Cms=1.5.4
CVE-2022-45038
A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Foot...
Wbce Wbce Cms=1.5.4
CVE-2022-45037
A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name f...
Wbce Wbce Cms=1.5.4
CVE-2022-45016
A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Footer fie...
Wbce Wbce Cms<=1.5.4
CVE-2022-45014
A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results He...
Wbce Wbce Cms<=1.5.4
CVE-2022-45015
A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Fo...
Wbce Wbce Cms<=1.5.4
CVE-2022-45017
A cross-site scripting (XSS) vulnerability in the Overview Page settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Pos...
Wbce Wbce Cms<=1.5.4
CVE-2022-45013
A cross-site scripting (XSS) vulnerability in the Show Advanced Option module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Secti...
Wbce Wbce Cms<=1.5.4
CVE-2022-45012
A cross-site scripting (XSS) vulnerability in the Modify Page module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Source field.
Wbce Wbce Cms<=1.5.4
CVE-2022-4006
A vulnerability, which was classified as problematic, has been found in WBCE CMS. Affected by this issue is the function increase_attempts of the file wbce/framework/class.login.php of the component H...
Wbce Wbce Cms
CVE-2022-30072
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via \admin\pages\sections_save.php namesection2 parameters.
Wbce Wbce Cms=1.5.2
CVE-2022-30073
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via /admin/users/save.php.
Wbce Wbce Cms=1.5.2
CVE-2022-28477
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS).
Wbce Wbce Cms=1.5.2
CVE-2022-25101
Wbce Wbce Cms=1.5.2
CVE-2022-25099
A vulnerability in the component /languages/index.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file.
Wbce Wbce Cms=1.5.2
CVE-2021-3817
wbce_cms is vulnerable to Improper Neutralization of Special Elements used in an SQL Command
Wbce Wbce Cms<1.5.2
CVE-2019-17575
A file-rename filter bypass exists in admin/media/rename.php in WBCE CMS 1.4.0 and earlier. This can be exploited by an authenticated user with admin privileges to rename a media filename and extensio...
Wbce Wbce Cms<=1.4.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203