CVE-2020-19902

Directory Traversal vulnerability found in Cryptoprof WCMS v.0.3.2 allows a remote attacker to execute arbitrary code via the wex/cssjs.php parameter.
References
Link Resource
https://github.com/vedees/wcms/issues/3 Exploit Issue Tracking Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:wcms:wcms:0.3.2:*:*:*:*:*:*:*

History

06 Jul 2023, 13:13

Type Values Removed Values Added
References (MISC) https://github.com/vedees/wcms/issues/3 - (MISC) https://github.com/vedees/wcms/issues/3 - Exploit, Issue Tracking, Vendor Advisory
CPE cpe:2.3:a:wcms:wcms:0.3.2:*:*:*:*:*:*:*
CWE CWE-22
First Time Wcms wcms
Wcms
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8

27 Jun 2023, 20:45

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-27 20:15

Updated : 2024-02-28 20:13


NVD link : CVE-2020-19902

Mitre link : CVE-2020-19902

CVE.ORG link : CVE-2020-19902


JSON object : View

Products Affected

wcms

  • wcms
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')