Shodan
Vulnerabilities
Vulnerable Software
Wbce:  Security Vulnerabilities
CVE-2023-39796
SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 allows remote unauthenticated attacker to execute arbitrary code via the DB_RECORD_TABLE parameter.
CVSS Score
9.8
EPSS Score
0.819
Published
2023-11-10
CVE-2023-46054
Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the website_footer parameter in the admin/settings/save.php component.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-10-21
CVE-2023-43871
A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS).
CVSS Score
5.4
EPSS Score
0.002
Published
2023-09-28
CVE-2023-38947
An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file.
CVSS Score
7.2
EPSS Score
0.001
Published
2023-08-03
CVE-2023-29855
WBCE CMS 1.5.3 has a command execution vulnerability via admin/languages/install.php.
CVSS Score
7.2
EPSS Score
0.001
Published
2023-04-18
CVE-2022-46020
WBCE CMS v1.5.4 can implement getshell by modifying the upload file type.
CVSS Score
9.8
EPSS Score
0.846
Published
2022-12-20
CVE-2022-45039
An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-11-25
CVE-2022-45040
A cross-site scripting (XSS) vulnerability in /admin/pages/sections_save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name Section field.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-11-25
CVE-2022-45036
A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the No Results field.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-11-25
CVE-2022-45037
A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field.
CVSS Score
5.4
EPSS Score
0.132
Published
2022-11-25


Products
Pricing
Contact Us

Shodan ® - All rights reserved