Skip to main content

Weaselcms

5 CVEs product

Monthly

CVE-2018-17361 MEDIUM POC This Month

Multiple XSS vulnerabilities in WeaselCMS v0.3.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php because $_SERVER['PHP_SELF'] is mishandled. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Weaselcms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-16352 CRITICAL POC Act Now

There is a PHP code upload vulnerability in WeaselCMS 0.3.6 via index.php because code can be embedded at the end of a .png file when the image/png content type is used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Weaselcms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-14959 HIGH POC This Week

An issue was discovered in WeaselCMS v0.3.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Weaselcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-14958 HIGH POC This Week

An issue was discovered in WeaselCMS v0.3.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Weaselcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-14877 MEDIUM POC This Month

An issue was discovered in WeaselCMS v0.3.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Weaselcms
NVD GitHub
CVSS 3.0
5.4
EPSS
0.5%
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Multiple XSS vulnerabilities in WeaselCMS v0.3.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php because $_SERVER['PHP_SELF'] is mishandled. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Weaselcms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

There is a PHP code upload vulnerability in WeaselCMS 0.3.6 via index.php because code can be embedded at the end of a .png file when the image/png content type is used. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Weaselcms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

An issue was discovered in WeaselCMS v0.3.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Weaselcms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

An issue was discovered in WeaselCMS v0.3.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Weaselcms
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

An issue was discovered in WeaselCMS v0.3.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Weaselcms
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy