CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2022-30073
https://notcve.org/view.php?id=CVE-2022-30073
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via /admin/users/save.php. WBCE CMS versión 1.5.2, es vulnerable a un ataque de tipo Cross Site Scripting (XSS) por medio del archivo /admin/users/save.php • https://github.com/APTX-4879/CVE https://github.com/APTX-4879/CVE/blob/main/CVE-2022-30073.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-28477
https://notcve.org/view.php?id=CVE-2022-28477
WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS). WBCE CMS versión 1.5.2, es vulnerable a un ataque de tipo Cross Site Scripting (XSS) • https://github.com/APTX-4879/CVE https://github.com/APTX-4879/CVE/blob/main/CVE-2022-28477..pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-25099
https://notcve.org/view.php?id=CVE-2022-25099
A vulnerability in the component /languages/index.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file. Una vulnerabilidad en el componente /languages/index.php de WBCE CMS versión v1.5.2, permite a atacantes ejecutar código arbitrario por medio de un archivo PHP diseñado • https://github.com/dota-st/Vulnerability/blob/master/WBCE_CMS.md •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-25101
https://notcve.org/view.php?id=CVE-2022-25101
A vulnerability in the component /templates/install.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file. Una vulnerabilidad en el componente /templates/install.php de WBCE CMS versión v1.5.2, permite a atacantes ejecutar código arbitrario por medio de un archivo PHP diseñado • https://github.com/dota-st/Vulnerability/blob/master/WBCE_CMS_second.md •
CVSS: 9.8EPSS: 12%CPEs: 1EXPL: 3CVE-2021-3817 – SQL Injection in wbce/wbce_cms
https://notcve.org/view.php?id=CVE-2021-3817
wbce_cms is vulnerable to Improper Neutralization of Special Elements used in an SQL Command wbce_cms es vulnerable a una Neutralización Inadecuada de Elementos Especiales usados en un Comando SQL WBCE CMS versions 1.5.1 and below suffer from an administrative password reset vulnerability. • https://www.exploit-db.com/exploits/50609 http://packetstormsecurity.com/files/165377/WBCE-CMS-1.5.1-Admin-Password-Reset.html https://github.com/wbce/wbce_cms/commit/6ca63f0cad5f0cd606fdb69a372f09b7d238f1d7 https://huntr.dev/bounties/c330dc0d-220a-4b15-b785-5face4cf6ef7 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •