CVE-2017-7951
https://notcve.org/view.php?id=CVE-2017-7951
WonderCMS before 2.0.3 has CSRF because of lack of a token in an unspecified context. • https://github.com/robiso/wondercms/releases/tag/2.0.3 https://www.wondercms.com/forum/viewtopic.php?f=8&p=1684 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2014-8701
https://notcve.org/view.php?id=CVE-2014-8701
Wonder CMS 2014 allows remote attackers to obtain sensitive information by viewing /files/password, which reveals the unsalted MD5 hashed password. • http://rossmarks.uk/portfolio.php http://rossmarks.uk/whitepapers/wonder_cms_2014.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-8703
https://notcve.org/view.php?id=CVE-2014-8703
Cross-site scripting (XSS) vulnerability in Wonder CMS 2014 allows remote attackers to inject arbitrary web script or HTML. • http://rossmarks.uk/portfolio.php http://rossmarks.uk/whitepapers/wonder_cms_2014.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-8704
https://notcve.org/view.php?id=CVE-2014-8704
Directory traversal vulnerability in index.php in Wonder CMS 2014 allows remote attackers to include and execute arbitrary local files via a crafted theme. • http://rossmarks.uk/portfolio.php • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2014-8705
https://notcve.org/view.php?id=CVE-2014-8705
PHP remote file inclusion vulnerability in editInplace.php in Wonder CMS 2014 allows remote attackers to execute arbitrary PHP code via a URL in the hook parameter. • http://rossmarks.uk/portfolio.php http://rossmarks.uk/whitepapers/wonder_cms_2014.txt • CWE-20: Improper Input Validation