Vvveb Cms vulnerabilities
2 known vulnerabilities affecting vvveb/vvveb_cms.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2026-6249P2HIGHCVSS 8.8v1.0.8.22026-04-20
CVE-2026-6249 [HIGH] CWE-434 CVE-2026-6249: Vvveb CMS 1.0.8.2 contains a remote code execution vulnerability in its media upload handler that al
Vvveb CMS 1.0.8.2 contains a remote code execution vulnerability in its media upload handler that allows authenticated attackers to execute arbitrary operating system commands by uploading a PHP webshell with a .phtml extension. Attackers can bypass the extension deny-list and upload malicious files to the publicly accessible media directory, then reque
nvd
CVE-2026-6257P3CRITICALCVSS 9.1v1.0.8.22026-04-20
CVE-2026-6257 [CRITICAL] CWE-434 CVE-2026-6257: Vvveb CMS v1.0.8.2 contains a remote code execution vulnerability in its media management functional
Vvveb CMS v1.0.8.2 contains a remote code execution vulnerability in its media management functionality where a missing return statement in the file rename handler allows authenticated attackers to rename files to blocked extensions .php or .htaccess. Attackers can exploit this logic flaw by first uploading a text file and renaming it to .htaccess t
nvd