Skip to main content

Wtcms

10 CVEs product

Monthly

CVE-2024-48239 MEDIUM POC This Month

An issue was discovered in WTCMS 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Wtcms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.2%
CVE-2024-48238 MEDIUM POC This Month

WTCMS 1.0 is vulnerable to SQL Injection in the edit_post method of /Admin\Controller\NavControl.class.php via the parentid parameter. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Wtcms
NVD GitHub
CVSS 3.1
4.7
EPSS
0.3%
CVE-2024-48237 CRITICAL POC Act Now

WTCMS 1.0 is vulnerable to Incorrect Access Control in \Common\Controller\HomebaseController.class.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Wtcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2020-20345 MEDIUM POC This Month

WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the page management background which allows attackers to obtain cookies via a crafted payload entered into the search box. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wtcms
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.7%
CVE-2019-16719 MEDIUM POC This Month

WTCMS 1.0 allows index.php?g=admin&m=index&a=index CSRF with resultant XSS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS PHP Wtcms
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2019-8911 MEDIUM POC This Month

An issue was discovered in WTCMS 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wtcms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-8910 HIGH POC This Week

An issue was discovered in WTCMS 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Wtcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
CVE-2019-8909 HIGH POC This Week

An issue was discovered in WTCMS 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wtcms
NVD GitHub
CVSS 3.0
7.5
EPSS
1.8%
CVE-2019-8908 CRITICAL POC Act Now

An issue was discovered in WTCMS 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Wtcms
NVD GitHub
CVSS 3.0
9.8
EPSS
2.3%
CVE-2018-10267 HIGH POC This Week

WTCMS 1.0 has a CSRF vulnerability to add an administrator account via the index.php?admin&m=user&a=add_post URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Wtcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.5%
EPSS 0% CVSS 4.8
MEDIUM POC This Month

An issue was discovered in WTCMS 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Wtcms
NVD GitHub
EPSS 0% CVSS 4.7
MEDIUM POC This Month

WTCMS 1.0 is vulnerable to SQL Injection in the edit_post method of /Admin\Controller\NavControl.class.php via the parentid parameter. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Wtcms
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

WTCMS 1.0 is vulnerable to Incorrect Access Control in \Common\Controller\HomebaseController.class.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass PHP Wtcms
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the page management background which allows attackers to obtain cookies via a crafted payload entered into the search box. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wtcms
NVD GitHub VulDB
EPSS 1% CVSS 6.5
MEDIUM POC This Month

WTCMS 1.0 allows index.php?g=admin&m=index&a=index CSRF with resultant XSS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS PHP +1
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in WTCMS 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wtcms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

An issue was discovered in WTCMS 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Wtcms
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC This Week

An issue was discovered in WTCMS 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wtcms
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in WTCMS 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Wtcms
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

WTCMS 1.0 has a CSRF vulnerability to add an administrator account via the index.php?admin&m=user&a=add_post URI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Wtcms
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy