wcms
🖖 Best CMS for landing-page WCMS
Hi, dev team! There is a Path Traversal vulnerability in the `wcms/wcms/wex/cssjs.php` file. The vulnerable code is: 31: `$path = $_GET['path'];` 32: `$html_from_template = htmlspecialchars(file_get_contents($path));` 61: `:code=''` Example POC: ``` ``` A...
Hi, dev team! There is an SSRF Vulnerability in the `wcms/wcms/wex/cssjs.php` file. The vulnerable code is: 31: `$path = $_GET['path'];` 32: `$html_from_template = htmlspecialchars(file_get_contents($path));` 61: `:code=''` Example POC: ``` ``` Server Side...
Hi, dev team! There is a Reflected XSS vulnerability in the `wcms/wex/html.php` file. The vulnerable code is: wcms/wex/core/classes/Pagename.php:16: `$_SESSION['pagename'] = $_POST['pagename'];` wcms/wex/core/classes/Pagename.php:20: `$GLOBALS['pagename'] = $_SESSION['pagename'];` wcms/wex/html.php:52: `path=''` Example POC: Just send any...
Hi, dev team! There is an SSRF Vulnerability in the `wcms/wcms/wex/html.php` file. The vulnerable code is: wcms/wex/core/classes/Pagename.php:16: `$_SESSION['pagename'] = $_POST['pagename'];` wcms/wex/core/classes/Pagename.php:20: `$GLOBALS['pagename'] = $_SESSION['pagename'];` wcms/wex/html.php:17: `$html_from_template = htmlspecialchars(file_get_contents($GLOBALS['pagename']));` Example POC: ``` ```...
Hi, dev team! There is a Path Traversal vulnerability in the `wcms/wex/html.php` file. The vulnerable code is: wcms/wex/core/classes/Pagename.php:16: `$_SESSION['pagename'] = $_POST['pagename'];` wcms/wex/core/classes/Pagename.php:20: `$GLOBALS['pagename'] = $_SESSION['pagename'];` wcms/wex/html.php:17: `$html_from_template = htmlspecialchars(file_get_contents($GLOBALS['pagename']));` wcms/wex/html.php:51: `:code=''` Example...
Hi, dev team! There is a Reflected XSS vulnerability in the `wcms/wcms/wex/cssjs.php` file. The vulnerable code is: 64: `type=''>` Example POC: Just send any js code in the `type` parameter like: `type=alert()` Reflected...
Hello, I created a paragraph with the class .wcms-text, and the option to edit it appeared in the Text section. After editing, the text is inserted at the very beginning of the document, not in the paragraph. [Hello, created a paragraph with the...
I will write in Russian. Bug in version 0.3.2. If the comments and the heading contain the same text values, the text in the comment is replaced, but not the text in the heading. If the title contains...
An Arbitrary File Reading Vulnerability in wex/cssjs.php There is a vulnerability that can read and modify any files to getshell. Affected software: WCMS V0.3.2 poc: use ../ to directory traversal vulnerability....
An Arbitrary File Upload Vulnerability in wcms/wex/finder/action.php Affected software: WCMS V0.3.2 Type of vulnerability: Arbitrary File Upload Discovered by: Yu Yang Use this upload feature in the developer/finder:  and we...