Wdja Cms vulnerabilities
4 known vulnerabilities affecting wdja/wdja_cms.
Total CVEs
4
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL2MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2020-20982P3CRITICALCVSS 9.6PoCv1.5.12021-11-03
CVE-2020-20982 [CRITICAL] CWE-79 CVE-2020-20982: Cross Site Scripting (XSS) vulnerability in shadoweb wdja v1.5.1, allows attackers to execute arbitr
Cross Site Scripting (XSS) vulnerability in shadoweb wdja v1.5.1, allows attackers to execute arbitrary code and gain escalated privileges, via the backurl parameter to /php/passport/index.php.
nvd
CVE-2020-21648P3CRITICALCVSS 9.1v1.5.22021-10-06
CVE-2020-21648 [CRITICAL] CVE-2020-21648: WDJA CMS v1.5.2 contains an arbitrary file deletion vulnerability in the component admin/cache/manag
WDJA CMS v1.5.2 contains an arbitrary file deletion vulnerability in the component admin/cache/manage.php.
nvd
CVE-2020-21658P4MEDIUMCVSS 6.5v1.5.22021-10-06
CVE-2020-21658 [MEDIUM] CWE-352 CVE-2020-21658: A Cross-Site Request Forgery (CSRF) in WDJA CMS v1.5.2 allows attackers to arbitrarily add administr
A Cross-Site Request Forgery (CSRF) in WDJA CMS v1.5.2 allows attackers to arbitrarily add administrator accounts via a crafted URL.
nvd
CVE-2020-23631P4MEDIUMCVSS 6.1v1.52021-01-11
CVE-2020-23631 [MEDIUM] CWE-352 CVE-2020-23631: Cross-site request forgery (CSRF) in admin/global/manage.php in WDJA CMS 1.5 allows remote attackers
Cross-site request forgery (CSRF) in admin/global/manage.php in WDJA CMS 1.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via the tongji parameter.
nvd