Wtcms Project: Wtcms 1.0 Security Vulnerabilities
WTCMS 1.0 is vulnerable to Incorrect Access Control in \Common\Controller\HomebaseController.class.php.
CVSS Score: 9.8; EPSS Score: 0.002; Published: 2024-10-25
WTCMS 1.0 is vulnerable to SQL Injection in the edit_post method of /Admin\Controller\NavControl.class.php via the parentid parameter.
CVSS Score: 4.7; EPSS Score: 0.001; Published: 2024-10-25
An issue was discovered in WTCMS 1.0. In the plupload method in \AssetController.class.php, the app parameters aren't processed, resulting in Cross Site Scripting (XSS).
CVSS Score: 4.8; EPSS Score: 0.001; Published: 2024-10-25
WTCMS 1.0 contains a cross-site request forgery (CSRF) vulnerability in the index.php?g=admin&m=nav&a=add_post component that allows attackers to arbitrarily add articles in the administrator background.
CVSS Score: 6.5; EPSS Score: 0.001; Published: 2021-09-01
WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the keyword search function under the background articles module.
CVSS Score: 5.4; EPSS Score: 0.003; Published: 2021-09-01
WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerability in the page management background which allows attackers to obtain cookies via a crafted payload entered into the search box.
CVSS Score: 5.4; EPSS Score: 0.003; Published: 2021-09-01
WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the source field under the article management module.
CVSS Score: 5.4; EPSS Score: 0.003; Published: 2021-09-01
WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the link field under the background menu management module.
CVSS Score: 5.4; EPSS Score: 0.003; Published: 2021-09-01
WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the link address field under the background links module.
CVSS Score: 5.4; EPSS Score: 0.003; Published: 2021-09-01
WTCMS 1.0 allows index.php?g=admin&m=index&a=index CSRF with resultant XSS.
CVSS Score: 6.5; EPSS Score: 0.001; Published: 2019-09-23

