Wtcms Project ≫ Wtcms

15 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.

9.8

CVE-2024-48237

Exploit

EPSS 0.2%
Published 25.10.2024 22:15:02
Last modified 17.04.2025 19:00:36

WTCMS 1.0 is vulnerable to Incorrect Access Control in \Common\Controller\HomebaseController.class.php.

4.7

CVE-2024-48238

Exploit

EPSS 0.13%
Published 25.10.2024 22:15:02
Last modified 17.04.2025 18:59:35

WTCMS 1.0 is vulnerable to SQL Injection in the edit_post method of /Admin\Controller\NavControl.class.php via the parentid parameter.

4.8

CVE-2024-48239

Exploit

EPSS 0.09%
Published 25.10.2024 22:15:02
Last modified 17.04.2025 18:56:59

An issue was discovered in WTCMS 1.0. In the plupload method in \AssetController.class.php, the app parameters aren't processed, resulting in Cross Site Scripting (XSS).

6.5

CVE-2020-20343

Exploit

EPSS 0.1%
Published 01.09.2021 22:15:07
Last modified 21.11.2024 05:12:01

WTCMS 1.0 contains a cross-site request forgery (CSRF) vulnerability in the index.php?g=admin&m=nav&a=add_post component that allows attackers to arbitrarily add articles in the administrator background.

5.4

CVE-2020-20344

Exploit

EPSS 0.26%
Published 01.09.2021 22:15:07
Last modified 21.11.2024 05:12:01

WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the keyword search function under the background articles module.

5.4

CVE-2020-20345

Exploit

EPSS 0.3%
Published 01.09.2021 22:15:07
Last modified 21.11.2024 05:12:02

WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the page management background which allows attackers to obtain cookies via a crafted payload entered into the search box.

5.4