Webedition CMS 9.2.2.0 has a File upload vulnerability via /webEdition/we_cmd.php
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-14
Updated
2024-03-14
Webedition CMS 9.2.2.0 has a Stored XSS vulnerability via /webEdition/we_cmd.php.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-14
Updated
2024-03-14
Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.
Max CVSS
4.0
EPSS Score
1.39%
Published
2014-11-06
Updated
2018-10-09
Multiple SQL injection vulnerabilities in the file browser component (we_fs.php) in webEdition CMS before 6.2.7-s1.2 and 6.3.x through 6.3.8 before -s1 allow remote attackers to execute arbitrary SQL commands via the (1) table or (2) order parameter.
Max CVSS
7.5
EPSS Score
0.27%
Published
2014-06-13
Updated
2018-10-09
The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x before 6.3.8-s1 allows remote attackers to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org.
Max CVSS
9.8
EPSS Score
2.14%
Published
2018-07-19
Updated
2018-09-18
Directory traversal vulnerability in index.php in webEdition 6.0.0.4 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the WE_LANGUAGE parameter.
Max CVSS
5.1
EPSS Score
1.41%
Published
2009-04-02
Updated
2018-10-10
6 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!