Wtcms Project ≫ Wtcms

A vulnerability was detected in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Impacted is the function fetch of the file /index.php. Performing manipulation of the argument content results in code injection. It is possible to initiate ...

A security flaw has been discovered in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. This affects the function check/uncheck/delete of the file application/Comment/Controller/CommentadminController.class.php of the component Commentadm...

A vulnerability was identified in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Affected by this issue is the function delete of the file application/Admin/Controller/SlideController.class.php of the component SlideController. The mani...

An issue was discovered in WTCMS 1.0. In the plupload method in \AssetController.class.php, the app parameters aren't processed, resulting in Cross Site Scripting (XSS).

WTCMS 1.0 is vulnerable to SQL Injection in the edit_post method of /Admin\Controller\NavControl.class.php via the parentid parameter.

WTCMS 1.0 is vulnerable to Incorrect Access Control in \Common\Controller\HomebaseController.class.php.

WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the source field under the article management module.

WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the link address field under the background links module.

WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the link field under the background menu management module.

WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the page management background which allows attackers to obtain cookies via a crafted payload entered into the search box.