NotCVE - vendor:"Wbce" product:"Wbce Cms"

30 results (0.006 seconds)

CVSS: 9.8EPSS: 8%CPEs: 1EXPL: 0

CVE-2023-39796 – WBCE 1.6.0 SQL Injection

https://notcve.org/view.php?id=CVE-2023-39796

SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 allows remote unauthenticated attacker to execute arbitrary code via the DB_RECORD_TABLE parameter. Vulnerabilidad de inyección SQL en el módulo miniform en WBCE CMS v.1.6.0 permite a un atacante remoto no autenticado ejecutar código arbitrario a través del parámetro DB_RECORD_TABLE. WBCE version 1.6.0 suffers from a remote SQL injection vulnerability. • https://forum.wbce.org/viewtopic.php?pid=42046#p42046 https://github.com/WBCE/WBCE_CMS/releases/tag/1.6.1 https://pastebin.com/PBw5AvGp • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-46054

https://notcve.org/view.php?id=CVE-2023-46054

Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the website_footer parameter in the admin/settings/save.php component. Vulnerabilidad de Cross Site Scripting (XSS) en WBCE CMS v.1.6.1 y anteriores permite a un atacante remoto escalar privilegios a través de un script manipulado al parámetro website_footer en el componente admin/settings/save.php. • https://github.com/aaanz/aaanz.github.io/blob/master/XSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 3

CVE-2023-43871

https://notcve.org/view.php?id=CVE-2023-43871

A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS). Vulnerabilidad de carga de archivos en WBCE v.1.6.1 permite a un atacante local cargar un archivo pdf con Cross Site Scripting (XSS) oculto. • https://github.com/sromanhu/CVE-2023-43871-WBCE-Arbitrary-File-Upload--XSS---Media https://github.com/sromanhu/CVE-2023-43871-WBCE-Arbitrary-File-Upload--XSS---Media/blob/main/README.md https://github.com/sromanhu/WBCE-File-Upload--XSS---Media/blob/main/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-38947

https://notcve.org/view.php?id=CVE-2023-38947

An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file. • https://gitee.com/CTF-hacker/pwn/issues/I7LH2N https://github.com/capture0x/WBCE_CMS https://packetstormsecurity.com/files/176018/WBCE-CMS-1.6.1-Shell-Upload.html • CWE-434: Unrestricted Upload of File with Dangerous Type CWE-616: Incomplete Identification of Uploaded File Variables (PHP) •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-29855

https://notcve.org/view.php?id=CVE-2023-29855

WBCE CMS 1.5.3 has a command execution vulnerability via admin/languages/install.php. • https://github.com/WBCE/WBCE_CMS/issues/544 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

1 2 3 4 5