Shodan
Vulnerabilities
Vulnerable Software
Wbce:  Security Vulnerabilities
CVE-2023-29855
WBCE CMS 1.5.3 has a command execution vulnerability via admin/languages/install.php.
CVSS Score
7.2
EPSS Score
0.001
Published
2023-04-18
CVE-2022-46020
WBCE CMS v1.5.4 can implement getshell by modifying the upload file type.
CVSS Score
9.8
EPSS Score
0.865
Published
2022-12-20
CVE-2022-45039
An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file.
CVSS Score
7.2
EPSS Score
0.009
Published
2022-11-25
CVE-2022-45040
A cross-site scripting (XSS) vulnerability in /admin/pages/sections_save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-11-25
CVE-2022-45036
A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-11-25
CVE-2022-45037
A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field.
CVSS Score
5.4
EPSS Score
0.213
Published
2022-11-25
CVE-2022-45038
A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field.
CVSS Score
5.4
EPSS Score
0.213
Published
2022-11-25
CVE-2022-45014
A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Header field.
CVSS Score
4.8
EPSS Score
0.004
Published
2022-11-21
CVE-2022-45015
A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Results Footer field.
CVSS Score
4.8
EPSS Score
0.004
Published
2022-11-21
CVE-2022-45016
A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Footer field.
CVSS Score
4.8
EPSS Score
0.004
Published
2022-11-21


Products
Pricing
Contact Us

Shodan ® - All rights reserved