CVSS: 10.0EPSS: 16%CPEs: 1EXPL: 0CVE-2023-39796 – WBCE 1.6.0 SQL Injection
https://notcve.org/view.php?id=CVE-2023-39796
10 Nov 2023 — SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 allows remote unauthenticated attacker to execute arbitrary code via the DB_RECORD_TABLE parameter. Vulnerabilidad de inyección SQL en el módulo miniform en WBCE CMS v.1.6.0 permite a un atacante remoto no autenticado ejecutar código arbitrario a través del parámetro DB_RECORD_TABLE. WBCE version 1.6.0 suffers from a remote SQL injection vulnerability. • https://forum.wbce.org/viewtopic.php?pid=42046#p42046 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46054
https://notcve.org/view.php?id=CVE-2023-46054
21 Oct 2023 — Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the website_footer parameter in the admin/settings/save.php component. Vulnerabilidad de Cross Site Scripting (XSS) en WBCE CMS v.1.6.1 y anteriores permite a un atacante remoto escalar privilegios a través de un script manipulado al parámetro website_footer en el componente admin/settings/save.php. • https://github.com/aaanz/aaanz.github.io/blob/master/XSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •