W-CMS HTML Injection And Local File Include Vulnerabilities Network Vulnerability

Summary

w-CMS is prone to multiple HTML-injection vulnerabilities and a local file-include vulnerability. Exploiting these issues could allow an attacker to execute arbitrary HTML and script code in the context of the affected browser, steal cookie-based authentication credentials, and execute arbitrary local scripts in the context of the webserver process. Other attacks are also possible. w-CMS 2.0.1 is vulnerable other versions may also be affected.

References

http://www.securityfocus.com/bid/51359

Updated on 2017-03-28

Severity

Classification

CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Aardvark Topsites <= 4.2.2 Remote File Inclusion Vulnerability
AMSI 'file' Parameter Directory Traversal Vulnerability
An Image Gallery Multiple Cross-Site Scripting Vulnerability
12Planet Chat Server one2planet.infolet.InfoServlet XSS
AdaptCMS 'init.php' Remote File Include Vulnerability

w-CMS HTML Injection and Local File Include Vulnerabilities

Take action and discover your vulnerabilities