Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Wtcms Project Subscribe
Total 12 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-20343 1 Wtcms Project 1 Wtcms 2021-09-07 4.3 MEDIUM 6.5 MEDIUM
WTCMS 1.0 contains a cross-site request forgery (CSRF) vulnerability in the index.php?g=admin&m=nav&a=add_post component that allows attackers to arbitrarily add articles in the administrator background.
CVE-2020-20344 1 Wtcms Project 1 Wtcms 2021-09-07 3.5 LOW 5.4 MEDIUM
WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the keyword search function under the background articles module.
CVE-2020-20345 1 Wtcms Project 1 Wtcms 2021-09-07 3.5 LOW 5.4 MEDIUM
WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the page management background which allows attackers to obtain cookies via a crafted payload entered into the search box.
CVE-2020-20347 1 Wtcms Project 1 Wtcms 2021-09-07 3.5 LOW 5.4 MEDIUM
WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the source field under the article management module.
CVE-2020-20348 1 Wtcms Project 1 Wtcms 2021-09-07 3.5 LOW 5.4 MEDIUM
WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the link field under the background menu management module.
CVE-2020-20349 1 Wtcms Project 1 Wtcms 2021-09-07 3.5 LOW 5.4 MEDIUM
WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the link address field under the background links module.
CVE-2019-8908 1 Wtcms Project 1 Wtcms 2021-07-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the "Setting -> Mailbox configuration -> Registration email template" screen, and uploading an image file, as demonstrated by a .php filename and the "Content-Type: image/gif" header.
CVE-2019-16719 1 Wtcms Project 1 Wtcms 2020-08-24 4.3 MEDIUM 6.5 MEDIUM
WTCMS 1.0 allows index.php?g=admin&m=index&a=index CSRF with resultant XSS.
CVE-2019-8909 1 Wtcms Project 1 Wtcms 2019-02-19 5.0 MEDIUM 7.5 HIGH
An issue was discovered in WTCMS 1.0. It allows remote attackers to cause a denial of service (resource consumption) via crafted dimensions for the verification code image.
CVE-2019-8911 1 Wtcms Project 1 Wtcms 2019-02-19 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in WTCMS 1.0. It has stored XSS via the third text box (for the website statistics code).
CVE-2019-8910 1 Wtcms Project 1 Wtcms 2019-02-19 6.8 MEDIUM 8.8 HIGH
An issue was discovered in WTCMS 1.0. It allows index.php?g=admin&m=setting&a=site_post CSRF.
CVE-2018-10267 1 Wtcms Project 1 Wtcms 2018-05-25 6.8 MEDIUM 8.8 HIGH
WTCMS 1.0 has a CSRF vulnerability to add an administrator account via the index.php?admin&m=user&a=add_post URI.