Search criteria
19 vulnerabilities found for webedition_cms by webedition
CVE-2023-53884 (GCVE-0-2023-53884)
Vulnerability from nvd – Published: 2025-12-15 20:28 – Updated: 2025-12-15 21:47
Title
Webedition CMS v2.9.8.8 Stored Cross-Site Scripting via SVG Upload
Summary
Webedition CMS v2.9.8.8 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files through the media upload feature to inject and execute arbitrary scripts when the file is viewed by other users.
Severity ?
5.1 (Medium) – CVSS 4.0, scored by the CNA (VulnCheck)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
VulnCheck
References
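| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/51662 | exploit |
| https://www.webedition.org/ | product |
| https://www.vulncheck.com/advisories/webedition-cms-v-stored-cross-site-scripting-via-svg-upload | third-party-advisory |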
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Webedition | Webedition CMS | Affected: 2.9.8.8 |
Credits
Mirabbas Ağalarov
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-53884",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T21:38:15.580094Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T21:47:00.695Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/51662"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Webedition CMS",
"vendor": "Webedition",
"versions": [
{
"status": "affected",
"version": "2.9.8.8"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mirabbas A\u011falarov"
}
],
"descriptions": [
{
"lang": "en",
"value": "Webedition CMS v2.9.8.8 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files through the media upload feature to inject and execute arbitrary scripts when the file is viewed by other users."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T20:28:20.915Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-51662",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/51662"
},
{
"name": "webEdition Product Webpage",
"tags": [
"product"
],
"url": "https://www.webedition.org/"
},
{
"name": "VulnCheck Advisory: Webedition CMS v2.9.8.8 Stored Cross-Site Scripting via SVG Upload",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/webedition-cms-v-stored-cross-site-scripting-via-svg-upload"
}
],
"title": "Webedition CMS v2.9.8.8 Stored Cross-Site Scripting via SVG Upload",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2023-53884",
"datePublished": "2025-12-15T20:28:20.915Z",
"dateReserved": "2025-12-13T14:25:05.000Z",
"dateUpdated": "2025-12-15T21:47:00.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-53883 (GCVE-0-2023-53883)
Vulnerability from nvd – Published: 2025-12-15 20:28 – Updated: 2025-12-15 21:47
Title
Webedition CMS v2.9.8.8 Remote Code Execution via PHP Page Creation
Summary
Webedition CMS v2.9.8.8 contains a remote code execution vulnerability that allows authenticated attackers to inject system commands through PHP page creation. Attackers can create a new PHP page with malicious system commands in the description field to execute arbitrary commands on the server.
Severity ?
7.2 (High) – CVSS 4.0, scored by the CNA (VulnCheck)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
VulnCheck
References
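| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/51661 | exploit |
| https://www.webedition.org/ | product |
| https://www.vulncheck.com/advisories/webedition-cms-v-remote-code-execution-via-php-page-creation | third-party-advisory |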
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Webedition | Webedition CMS | Affected: 2.9.8.8 |
Credits
Mirabbas Ağalarov
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-53883",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T21:38:23.756227Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T21:47:08.627Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/51661"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Webedition CMS",
"vendor": "Webedition",
"versions": [
{
"status": "affected",
"version": "2.9.8.8"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mirabbas A\u011falarov"
}
],
"descriptions": [
{
"lang": "en",
"value": "Webedition CMS v2.9.8.8 contains a remote code execution vulnerability that allows authenticated attackers to inject system commands through PHP page creation. Attackers can create a new PHP page with malicious system commands in the description field to execute arbitrary commands on the server."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T20:28:20.486Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-51661",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/51661"
},
{
"name": "webEdition Product Webpage",
"tags": [
"product"
],
"url": "https://www.webedition.org/"
},
{
"name": "VulnCheck Advisory: Webedition CMS v2.9.8.8 Remote Code Execution via PHP Page Creation",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/webedition-cms-v-remote-code-execution-via-php-page-creation"
}
],
"title": "Webedition CMS v2.9.8.8 Remote Code Execution via PHP Page Creation",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2023-53883",
"datePublished": "2025-12-15T20:28:20.486Z",
"dateReserved": "2025-12-13T14:25:05.000Z",
"dateUpdated": "2025-12-15T21:47:08.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-28418 (GCVE-0-2024-28418)
Vulnerability from nvd – Published: 2024-03-14 00:00 – Updated: 2024-08-16 15:46
Summary
Webedition CMS 9.2.2.0 has a File upload vulnerability via /webEdition/we_cmd.php
Severity ?
6.5 (Medium) – CVSS 3.1, scored by CISA-ADP; the CNA record carries no CVSS data
CWE
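- n/a in the CNA record; the CISA-ADP container assigns CWE-434 (Unrestricted Upload of File with Dangerous Type)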
Assigner
mitre
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:56:57.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitee.com/shavchen214/pwn/issues/I94VI3"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:webedition:webedition_cms:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "webedition_cms",
"vendor": "webedition",
"versions": [
{
"status": "affected",
"version": "9.2.2.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-28418",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-15T19:01:53.916444Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T15:46:00.586Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Webedition CMS 9.2.2.0 has a File upload vulnerability via /webEdition/we_cmd.php"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-14T13:04:51.870310",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitee.com/shavchen214/pwn/issues/I94VI3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-28418",
"datePublished": "2024-03-14T00:00:00",
"dateReserved": "2024-03-08T00:00:00",
"dateUpdated": "2024-08-16T15:46:00.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28417 (GCVE-0-2024-28417)
Vulnerability from nvd – Published: 2024-03-14 00:00 – Updated: 2024-08-02 00:56
Summary
Webedition CMS 9.2.2.0 has a Stored XSS vulnerability via /webEdition/we_cmd.php.
Severity ?
6.3 (Medium) – CVSS 3.1, scored by CISA-ADP; the CNA record carries no CVSS data
CWE
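- n/a in the CNA record; the CISA-ADP container assigns CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS))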
Assigner
mitre
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:webedition:webedition_cms:9.2.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "webedition_cms",
"vendor": "webedition",
"versions": [
{
"status": "affected",
"version": "9.2.2"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-28417",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-14T13:41:48.453905Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:24:06.203Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:56:57.415Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitee.com/shavchen214/pwn/issues/I94VFH"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Webedition CMS 9.2.2.0 has a Stored XSS vulnerability via /webEdition/we_cmd.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-14T13:06:09.620388",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitee.com/shavchen214/pwn/issues/I94VFH"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-28417",
"datePublished": "2024-03-14T00:00:00",
"dateReserved": "2024-03-08T00:00:00",
"dateUpdated": "2024-08-02T00:56:57.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2302 (GCVE-0-2014-2302)
Vulnerability from nvd – Published: 2018-07-19 17:00 – Updated: 2024-08-06 10:06
Summary
The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x before 6.3.8-s1 allows remote attackers to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
mitre
References
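| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2014/May/147 | mailing-list, x_refsource_FULLDISC |
| http://packetstormsecurity.com/files/126861/webEdition-CMS-2.8.0.0-Remote-Command-Execution.html | x_refsource_MISC |
| http://www.securityfocus.com/bid/67692 | vdb-entry, x_refsource_BID |
| https://www.redteam-pentesting.de/advisories/rt-sa-2014-004 | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/532230/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |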
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:06:00.206Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140528 [RT-SA-2014-004] Remote Command Execution in webEdition CMS Installer Script",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/May/147"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/126861/webEdition-CMS-2.8.0.0-Remote-Command-Execution.html"
},
{
"name": "67692",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67692"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.redteam-pentesting.de/advisories/rt-sa-2014-004"
},
{
"name": "20140528 [RT-SA-2014-004] Remote Command Execution in webEdition CMS Installer Script",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/532230/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x before 6.3.8-s1 allows remote attackers to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-19T16:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20140528 [RT-SA-2014-004] Remote Command Execution in webEdition CMS Installer Script",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/May/147"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/126861/webEdition-CMS-2.8.0.0-Remote-Command-Execution.html"
},
{
"name": "67692",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67692"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.redteam-pentesting.de/advisories/rt-sa-2014-004"
},
{
"name": "20140528 [RT-SA-2014-004] Remote Command Execution in webEdition CMS Installer Script",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/532230/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2302",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x before 6.3.8-s1 allows remote attackers to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140528 [RT-SA-2014-004] Remote Command Execution in webEdition CMS Installer Script",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/May/147"
},
{
"name": "http://packetstormsecurity.com/files/126861/webEdition-CMS-2.8.0.0-Remote-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/126861/webEdition-CMS-2.8.0.0-Remote-Command-Execution.html"
},
{
"name": "67692",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67692"
},
{
"name": "https://www.redteam-pentesting.de/advisories/rt-sa-2014-004",
"refsource": "MISC",
"url": "https://www.redteam-pentesting.de/advisories/rt-sa-2014-004"
},
{
"name": "20140528 [RT-SA-2014-004] Remote Command Execution in webEdition CMS Installer Script",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532230/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2302",
"datePublished": "2018-07-19T17:00:00",
"dateReserved": "2014-03-06T00:00:00",
"dateUpdated": "2024-08-06T10:06:00.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5258 (GCVE-0-2014-5258)
Vulnerability from nvd – Published: 2014-11-06 18:00 – Updated: 2024-08-06 11:41
Summary
Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
mitre
References
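| URL | Tags |
|---|---|
| https://www.htbridge.com/advisory/HTB23227 | x_refsource_MISC |
| http://www.webedition.org/de/aktuelles/webedition-cms/webEdition-6.3.9-Beta-erschienen | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/533465/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://packetstormsecurity.com/files/128301/webEdition-6.3.8.0-Path-Traversal.html | x_refsource_MISC |
| http://www.webedition.org/de/webedition-cms/versionshistorie/webedition-6/version-6.3.9.0 | x_refsource_CONFIRM |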
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:47.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23227"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.webedition.org/de/aktuelles/webedition-cms/webEdition-6.3.9-Beta-erschienen"
},
{
"name": "20140917 Path Traversal in webEdition",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/533465/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128301/webEdition-6.3.8.0-Path-Traversal.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.webedition.org/de/webedition-cms/versionshistorie/webedition-6/version-6.3.9.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23227"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.webedition.org/de/aktuelles/webedition-cms/webEdition-6.3.9-Beta-erschienen"
},
{
"name": "20140917 Path Traversal in webEdition",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/533465/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128301/webEdition-6.3.8.0-Path-Traversal.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.webedition.org/de/webedition-cms/versionshistorie/webedition-6/version-6.3.9.0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.htbridge.com/advisory/HTB23227",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23227"
},
{
"name": "http://www.webedition.org/de/aktuelles/webedition-cms/webEdition-6.3.9-Beta-erschienen",
"refsource": "MISC",
"url": "http://www.webedition.org/de/aktuelles/webedition-cms/webEdition-6.3.9-Beta-erschienen"
},
{
"name": "20140917 Path Traversal in webEdition",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533465/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/128301/webEdition-6.3.8.0-Path-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128301/webEdition-6.3.8.0-Path-Traversal.html"
},
{
"name": "http://www.webedition.org/de/webedition-cms/versionshistorie/webedition-6/version-6.3.9.0",
"refsource": "CONFIRM",
"url": "http://www.webedition.org/de/webedition-cms/versionshistorie/webedition-6/version-6.3.9.0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5258",
"datePublished": "2014-11-06T18:00:00",
"dateReserved": "2014-08-15T00:00:00",
"dateUpdated": "2024-08-06T11:41:47.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2303 (GCVE-0-2014-2303)
Vulnerability from nvd – Published: 2014-06-13 14:00 – Updated: 2024-08-06 10:06
Summary
Multiple SQL injection vulnerabilities in the file browser component (we_fs.php) in webEdition CMS before 6.2.7-s1.2 and 6.3.x through 6.3.8 before -s1 allow remote attackers to execute arbitrary SQL commands via the (1) table or (2) order parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
mitre
References
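| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/532231/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://packetstormsecurity.com/files/126862/webEdition-CMS-6.3.8.0-svn6985-SQL-Injection.html | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2014/May/148 | mailing-list, x_refsource_FULLDISC |
| https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-005/-sql-injection-in-webedition-cms-file-browser | x_refsource_MISC |
| http://www.securityfocus.com/bid/67689 | vdb-entry, x_refsource_BID |
| http://www.webedition.org/de/aktuelles/allgemein/Wichtiges-Sicherheitsupdate-fuer-CMS-webEdition-veroeffentlicht | x_refsource_MISC |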
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:06:00.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140528 [RT-SA-2014-005] SQL Injection in webEdition CMS File Browser Installer Script",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/532231/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/126862/webEdition-CMS-6.3.8.0-svn6985-SQL-Injection.html"
},
{
"name": "20140528 [RT-SA-2014-005] SQL Injection in webEdition CMS File Browser Installer Script",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/May/148"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-005/-sql-injection-in-webedition-cms-file-browser"
},
{
"name": "67689",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67689"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.webedition.org/de/aktuelles/allgemein/Wichtiges-Sicherheitsupdate-fuer-CMS-webEdition-veroeffentlicht"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in the file browser component (we_fs.php) in webEdition CMS before 6.2.7-s1.2 and 6.3.x through 6.3.8 before -s1 allow remote attackers to execute arbitrary SQL commands via the (1) table or (2) order parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20140528 [RT-SA-2014-005] SQL Injection in webEdition CMS File Browser Installer Script",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/532231/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/126862/webEdition-CMS-6.3.8.0-svn6985-SQL-Injection.html"
},
{
"name": "20140528 [RT-SA-2014-005] SQL Injection in webEdition CMS File Browser Installer Script",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/May/148"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-005/-sql-injection-in-webedition-cms-file-browser"
},
{
"name": "67689",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67689"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.webedition.org/de/aktuelles/allgemein/Wichtiges-Sicherheitsupdate-fuer-CMS-webEdition-veroeffentlicht"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2303",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in the file browser component (we_fs.php) in webEdition CMS before 6.2.7-s1.2 and 6.3.x through 6.3.8 before -s1 allow remote attackers to execute arbitrary SQL commands via the (1) table or (2) order parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140528 [RT-SA-2014-005] SQL Injection in webEdition CMS File Browser Installer Script",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532231/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/126862/webEdition-CMS-6.3.8.0-svn6985-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/126862/webEdition-CMS-6.3.8.0-svn6985-SQL-Injection.html"
},
{
"name": "20140528 [RT-SA-2014-005] SQL Injection in webEdition CMS File Browser Installer Script",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/May/148"
},
{
"name": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-005/-sql-injection-in-webedition-cms-file-browser",
"refsource": "MISC",
"url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-005/-sql-injection-in-webedition-cms-file-browser"
},
{
"name": "67689",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67689"
},
{
"name": "http://www.webedition.org/de/aktuelles/allgemein/Wichtiges-Sicherheitsupdate-fuer-CMS-webEdition-veroeffentlicht",
"refsource": "MISC",
"url": "http://www.webedition.org/de/aktuelles/allgemein/Wichtiges-Sicherheitsupdate-fuer-CMS-webEdition-veroeffentlicht"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2303",
"datePublished": "2014-06-13T14:00:00",
"dateReserved": "2014-03-06T00:00:00",
"dateUpdated": "2024-08-06T10:06:00.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-53884 (GCVE-0-2023-53884)
Vulnerability from cvelistv5 – Published: 2025-12-15 20:28 – Updated: 2025-12-15 21:47
Title
Webedition CMS v2.9.8.8 Stored Cross-Site Scripting via SVG Upload
Summary
Webedition CMS v2.9.8.8 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files through the media upload feature to inject and execute arbitrary scripts when the file is viewed by other users.
Severity ?
5.1 (Medium) – CVSS 4.0, scored by the CNA (VulnCheck)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
VulnCheck
References
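| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/51662 | exploit |
| https://www.webedition.org/ | product |
| https://www.vulncheck.com/advisories/webedition-cms-v-stored-cross-site-scripting-via-svg-upload | third-party-advisory |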
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Webedition | Webedition CMS | Affected: 2.9.8.8 |
Credits
Mirabbas Ağalarov
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-53884",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T21:38:15.580094Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T21:47:00.695Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/51662"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Webedition CMS",
"vendor": "Webedition",
"versions": [
{
"status": "affected",
"version": "2.9.8.8"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mirabbas A\u011falarov"
}
],
"descriptions": [
{
"lang": "en",
"value": "Webedition CMS v2.9.8.8 contains a stored cross-site scripting vulnerability that allows authenticated users to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG files through the media upload feature to inject and execute arbitrary scripts when the file is viewed by other users."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T20:28:20.915Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-51662",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/51662"
},
{
"name": "webEdition Product Webpage",
"tags": [
"product"
],
"url": "https://www.webedition.org/"
},
{
"name": "VulnCheck Advisory: Webedition CMS v2.9.8.8 Stored Cross-Site Scripting via SVG Upload",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/webedition-cms-v-stored-cross-site-scripting-via-svg-upload"
}
],
"title": "Webedition CMS v2.9.8.8 Stored Cross-Site Scripting via SVG Upload",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2023-53884",
"datePublished": "2025-12-15T20:28:20.915Z",
"dateReserved": "2025-12-13T14:25:05.000Z",
"dateUpdated": "2025-12-15T21:47:00.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-53883 (GCVE-0-2023-53883)
Vulnerability from cvelistv5 – Published: 2025-12-15 20:28 – Updated: 2025-12-15 21:47
VLAI?
Title
Webedition CMS v2.9.8.8 Remote Code Execution via PHP Page Creation
Summary
Webedition CMS v2.9.8.8 contains a remote code execution vulnerability that allows authenticated attackers to inject system commands through PHP page creation. Attackers can create a new PHP page with malicious system commands in the description field to execute arbitrary commands on the server.
Severity ?
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
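| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/51661 | exploit |
| https://www.webedition.org/ | product |
| https://www.vulncheck.com/advisories/webedition-cms-v-remote-code-execution-via-php-page-creation | third-party-advisory |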
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Webedition | Webedition CMS | Affected: 2.9.8.8 |
Credits
Mirabbas Ağalarov
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-53883",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-15T21:38:23.756227Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T21:47:08.627Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/51661"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Webedition CMS",
"vendor": "Webedition",
"versions": [
{
"status": "affected",
"version": "2.9.8.8"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mirabbas A\u011falarov"
}
],
"descriptions": [
{
"lang": "en",
"value": "Webedition CMS v2.9.8.8 contains a remote code execution vulnerability that allows authenticated attackers to inject system commands through PHP page creation. Attackers can create a new PHP page with malicious system commands in the description field to execute arbitrary commands on the server."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-15T20:28:20.486Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-51661",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/51661"
},
{
"name": "webEdition Product Webpage",
"tags": [
"product"
],
"url": "https://www.webedition.org/"
},
{
"name": "VulnCheck Advisory: Webedition CMS v2.9.8.8 Remote Code Execution via PHP Page Creation",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/webedition-cms-v-remote-code-execution-via-php-page-creation"
}
],
"title": "Webedition CMS v2.9.8.8 Remote Code Execution via PHP Page Creation",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2023-53883",
"datePublished": "2025-12-15T20:28:20.486Z",
"dateReserved": "2025-12-13T14:25:05.000Z",
"dateUpdated": "2025-12-15T21:47:08.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-28418 (GCVE-0-2024-28418)
Vulnerability from cvelistv5 – Published: 2024-03-14 00:00 – Updated: 2024-08-16 15:46
VLAI?
Summary
Webedition CMS 9.2.2.0 has a File upload vulnerability via /webEdition/we_cmd.php
Severity ?
6.5 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:56:57.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitee.com/shavchen214/pwn/issues/I94VI3"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:webedition:webedition_cms:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "webedition_cms",
"vendor": "webedition",
"versions": [
{
"status": "affected",
"version": "9.2.2.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-28418",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-15T19:01:53.916444Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T15:46:00.586Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Webedition CMS 9.2.2.0 has a File upload vulnerability via /webEdition/we_cmd.php"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-14T13:04:51.870310",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitee.com/shavchen214/pwn/issues/I94VI3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-28418",
"datePublished": "2024-03-14T00:00:00",
"dateReserved": "2024-03-08T00:00:00",
"dateUpdated": "2024-08-16T15:46:00.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28417 (GCVE-0-2024-28417)
Vulnerability from cvelistv5 – Published: 2024-03-14 00:00 – Updated: 2024-08-02 00:56
VLAI?
Summary
Webedition CMS 9.2.2.0 has a Stored XSS vulnerability via /webEdition/we_cmd.php.
Severity ?
6.3 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:webedition:webedition_cms:9.2.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "webedition_cms",
"vendor": "webedition",
"versions": [
{
"status": "affected",
"version": "9.2.2"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-28417",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-14T13:41:48.453905Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:24:06.203Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:56:57.415Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://gitee.com/shavchen214/pwn/issues/I94VFH"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Webedition CMS 9.2.2.0 has a Stored XSS vulnerability via /webEdition/we_cmd.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-14T13:06:09.620388",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://gitee.com/shavchen214/pwn/issues/I94VFH"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-28417",
"datePublished": "2024-03-14T00:00:00",
"dateReserved": "2024-03-08T00:00:00",
"dateUpdated": "2024-08-02T00:56:57.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2302 (GCVE-0-2014-2302)
Vulnerability from cvelistv5 – Published: 2018-07-19 17:00 – Updated: 2024-08-06 10:06
VLAI?
Summary
The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x before 6.3.8-s1 allows remote attackers to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
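| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2014/May/147 | mailing-list, x_refsource_FULLDISC |
| http://packetstormsecurity.com/files/126861/webEdition-CMS-2.8.0.0-Remote-Command-Execution.html | x_refsource_MISC |
| http://www.securityfocus.com/bid/67692 | vdb-entry, x_refsource_BID |
| https://www.redteam-pentesting.de/advisories/rt-sa-2014-004 | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/532230/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |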
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:06:00.206Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140528 [RT-SA-2014-004] Remote Command Execution in webEdition CMS Installer Script",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/May/147"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/126861/webEdition-CMS-2.8.0.0-Remote-Command-Execution.html"
},
{
"name": "67692",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67692"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.redteam-pentesting.de/advisories/rt-sa-2014-004"
},
{
"name": "20140528 [RT-SA-2014-004] Remote Command Execution in webEdition CMS Installer Script",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/532230/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x before 6.3.8-s1 allows remote attackers to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-19T16:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20140528 [RT-SA-2014-004] Remote Command Execution in webEdition CMS Installer Script",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/May/147"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/126861/webEdition-CMS-2.8.0.0-Remote-Command-Execution.html"
},
{
"name": "67692",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67692"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.redteam-pentesting.de/advisories/rt-sa-2014-004"
},
{
"name": "20140528 [RT-SA-2014-004] Remote Command Execution in webEdition CMS Installer Script",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/532230/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2302",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x before 6.3.8-s1 allows remote attackers to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140528 [RT-SA-2014-004] Remote Command Execution in webEdition CMS Installer Script",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/May/147"
},
{
"name": "http://packetstormsecurity.com/files/126861/webEdition-CMS-2.8.0.0-Remote-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/126861/webEdition-CMS-2.8.0.0-Remote-Command-Execution.html"
},
{
"name": "67692",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67692"
},
{
"name": "https://www.redteam-pentesting.de/advisories/rt-sa-2014-004",
"refsource": "MISC",
"url": "https://www.redteam-pentesting.de/advisories/rt-sa-2014-004"
},
{
"name": "20140528 [RT-SA-2014-004] Remote Command Execution in webEdition CMS Installer Script",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532230/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2302",
"datePublished": "2018-07-19T17:00:00",
"dateReserved": "2014-03-06T00:00:00",
"dateUpdated": "2024-08-06T10:06:00.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-5258 (GCVE-0-2014-5258)
Vulnerability from cvelistv5 – Published: 2014-11-06 18:00 – Updated: 2024-08-06 11:41
VLAI?
Summary
Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
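| URL | Tags |
|---|---|
| https://www.htbridge.com/advisory/HTB23227 | x_refsource_MISC |
| http://www.webedition.org/de/aktuelles/webedition-cms/webEdition-6.3.9-Beta-erschienen | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/533465/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://packetstormsecurity.com/files/128301/webEdition-6.3.8.0-Path-Traversal.html | x_refsource_MISC |
| http://www.webedition.org/de/webedition-cms/versionshistorie/webedition-6/version-6.3.9.0 | x_refsource_CONFIRM |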
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:41:47.830Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23227"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.webedition.org/de/aktuelles/webedition-cms/webEdition-6.3.9-Beta-erschienen"
},
{
"name": "20140917 Path Traversal in webEdition",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/533465/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128301/webEdition-6.3.8.0-Path-Traversal.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.webedition.org/de/webedition-cms/versionshistorie/webedition-6/version-6.3.9.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23227"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.webedition.org/de/aktuelles/webedition-cms/webEdition-6.3.9-Beta-erschienen"
},
{
"name": "20140917 Path Traversal in webEdition",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/533465/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128301/webEdition-6.3.8.0-Path-Traversal.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.webedition.org/de/webedition-cms/versionshistorie/webedition-6/version-6.3.9.0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-5258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.htbridge.com/advisory/HTB23227",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23227"
},
{
"name": "http://www.webedition.org/de/aktuelles/webedition-cms/webEdition-6.3.9-Beta-erschienen",
"refsource": "MISC",
"url": "http://www.webedition.org/de/aktuelles/webedition-cms/webEdition-6.3.9-Beta-erschienen"
},
{
"name": "20140917 Path Traversal in webEdition",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/533465/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/128301/webEdition-6.3.8.0-Path-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128301/webEdition-6.3.8.0-Path-Traversal.html"
},
{
"name": "http://www.webedition.org/de/webedition-cms/versionshistorie/webedition-6/version-6.3.9.0",
"refsource": "CONFIRM",
"url": "http://www.webedition.org/de/webedition-cms/versionshistorie/webedition-6/version-6.3.9.0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-5258",
"datePublished": "2014-11-06T18:00:00",
"dateReserved": "2014-08-15T00:00:00",
"dateUpdated": "2024-08-06T11:41:47.830Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2303 (GCVE-0-2014-2303)
Vulnerability from cvelistv5 – Published: 2014-06-13 14:00 – Updated: 2024-08-06 10:06
VLAI?
Summary
Multiple SQL injection vulnerabilities in the file browser component (we_fs.php) in webEdition CMS before 6.2.7-s1.2 and 6.3.x through 6.3.8 before -s1 allow remote attackers to execute arbitrary SQL commands via the (1) table or (2) order parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
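| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/532231/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://packetstormsecurity.com/files/126862/webEdition-CMS-6.3.8.0-svn6985-SQL-Injection.html | x_refsource_MISC |
| http://seclists.org/fulldisclosure/2014/May/148 | mailing-list, x_refsource_FULLDISC |
| https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-005/-sql-injection-in-webedition-cms-file-browser | x_refsource_MISC |
| http://www.securityfocus.com/bid/67689 | vdb-entry, x_refsource_BID |
| http://www.webedition.org/de/aktuelles/allgemein/Wichtiges-Sicherheitsupdate-fuer-CMS-webEdition-veroeffentlicht | x_refsource_MISC |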
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:06:00.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20140528 [RT-SA-2014-005] SQL Injection in webEdition CMS File Browser Installer Script",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/532231/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/126862/webEdition-CMS-6.3.8.0-svn6985-SQL-Injection.html"
},
{
"name": "20140528 [RT-SA-2014-005] SQL Injection in webEdition CMS File Browser Installer Script",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/May/148"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-005/-sql-injection-in-webedition-cms-file-browser"
},
{
"name": "67689",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67689"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.webedition.org/de/aktuelles/allgemein/Wichtiges-Sicherheitsupdate-fuer-CMS-webEdition-veroeffentlicht"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in the file browser component (we_fs.php) in webEdition CMS before 6.2.7-s1.2 and 6.3.x through 6.3.8 before -s1 allow remote attackers to execute arbitrary SQL commands via the (1) table or (2) order parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-09T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20140528 [RT-SA-2014-005] SQL Injection in webEdition CMS File Browser Installer Script",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/532231/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/126862/webEdition-CMS-6.3.8.0-svn6985-SQL-Injection.html"
},
{
"name": "20140528 [RT-SA-2014-005] SQL Injection in webEdition CMS File Browser Installer Script",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/May/148"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-005/-sql-injection-in-webedition-cms-file-browser"
},
{
"name": "67689",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67689"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.webedition.org/de/aktuelles/allgemein/Wichtiges-Sicherheitsupdate-fuer-CMS-webEdition-veroeffentlicht"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-2303",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in the file browser component (we_fs.php) in webEdition CMS before 6.2.7-s1.2 and 6.3.x through 6.3.8 before -s1 allow remote attackers to execute arbitrary SQL commands via the (1) table or (2) order parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20140528 [RT-SA-2014-005] SQL Injection in webEdition CMS File Browser Installer Script",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532231/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/126862/webEdition-CMS-6.3.8.0-svn6985-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/126862/webEdition-CMS-6.3.8.0-svn6985-SQL-Injection.html"
},
{
"name": "20140528 [RT-SA-2014-005] SQL Injection in webEdition CMS File Browser Installer Script",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/May/148"
},
{
"name": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-005/-sql-injection-in-webedition-cms-file-browser",
"refsource": "MISC",
"url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-005/-sql-injection-in-webedition-cms-file-browser"
},
{
"name": "67689",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67689"
},
{
"name": "http://www.webedition.org/de/aktuelles/allgemein/Wichtiges-Sicherheitsupdate-fuer-CMS-webEdition-veroeffentlicht",
"refsource": "MISC",
"url": "http://www.webedition.org/de/aktuelles/allgemein/Wichtiges-Sicherheitsupdate-fuer-CMS-webEdition-veroeffentlicht"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-2303",
"datePublished": "2014-06-13T14:00:00",
"dateReserved": "2014-03-06T00:00:00",
"dateUpdated": "2024-08-06T10:06:00.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2024-28418
Vulnerability from fkie_nvd - Published: 2024-03-14 13:15 - Updated: 2025-04-30 23:57
Severity ?
Summary
Webedition CMS 9.2.2.0 has a File upload vulnerability via /webEdition/we_cmd.php
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://gitee.com/shavchen214/pwn/issues/I94VI3 | Exploit, Issue Tracking, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://gitee.com/shavchen214/pwn/issues/I94VI3 | Exploit, Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| webedition | webedition_cms | 9.2.2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webedition:webedition_cms:9.2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8124304E-6B4C-4654-895D-F648DE177DD2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Webedition CMS 9.2.2.0 has a File upload vulnerability via /webEdition/we_cmd.php"
},
{
"lang": "es",
"value": "Webedition CMS 9.2.2.0 tiene una vulnerabilidad de carga de archivos a trav\u00e9s de /webEdition/we_cmd.php"
}
],
"id": "CVE-2024-28418",
"lastModified": "2025-04-30T23:57:59.193",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-03-14T13:15:53.833",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://gitee.com/shavchen214/pwn/issues/I94VI3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://gitee.com/shavchen214/pwn/issues/I94VI3"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-28417
Vulnerability from fkie_nvd - Published: 2024-03-14 13:15 - Updated: 2025-04-30 23:58
Severity ?
Summary
Webedition CMS 9.2.2.0 has a Stored XSS vulnerability via /webEdition/we_cmd.php.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://gitee.com/shavchen214/pwn/issues/I94VFH | Exploit, Issue Tracking, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://gitee.com/shavchen214/pwn/issues/I94VFH | Exploit, Issue Tracking, Third Party Advisory |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| webedition | webedition_cms | 9.2.2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webedition:webedition_cms:9.2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8124304E-6B4C-4654-895D-F648DE177DD2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Webedition CMS 9.2.2.0 has a Stored XSS vulnerability via /webEdition/we_cmd.php."
},
{
"lang": "es",
"value": "Webedition CMS 9.2.2.0 tiene una vulnerabilidad XSS almacenado a trav\u00e9s de /webEdition/we_cmd.php."
}
],
"id": "CVE-2024-28417",
"lastModified": "2025-04-30T23:58:26.170",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-03-14T13:15:53.790",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://gitee.com/shavchen214/pwn/issues/I94VFH"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://gitee.com/shavchen214/pwn/issues/I94VFH"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-80"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2014-2302
Vulnerability from fkie_nvd - Published: 2018-07-19 17:29 - Updated: 2024-11-21 02:06
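Severity: 9.8 Critical (CVSS 3.0, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H); 7.5 High (CVSS 2.0, AV:N/AC:L/Au:N/C:P/I:P/A:P)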
Summary
The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x before 6.3.8-s1 allows remote attackers to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| webedition | webedition_cms | * (before 6.2.7.0) |
| webedition | webedition_cms | * (from 6.3.0, before 6.3.8) |
| webedition | webedition_cms | 6.2.7.0 (update s1) |
| webedition | webedition_cms | 6.3.8 (update s1) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webedition:webedition_cms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57E155EC-D7D7-47D1-A451-1AB1864868DB",
"versionEndExcluding": "6.2.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webedition:webedition_cms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FEBC1A07-6DA5-48F9-BEF5-411FE32D45C5",
"versionEndExcluding": "6.3.8",
"versionStartIncluding": "6.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webedition:webedition_cms:6.2.7.0:s1:*:*:*:*:*:*",
"matchCriteriaId": "27BECFB6-4A1D-4A5C-89E2-997CA10D3E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webedition:webedition_cms:6.3.8:s1:*:*:*:*:*:*",
"matchCriteriaId": "3D76BDCC-65DD-4789-AD39-3487F149790C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The installer script in webEdition CMS before 6.2.7-s1 and 6.3.x before 6.3.8-s1 allows remote attackers to conduct PHP Object Injection attacks by intercepting a request to update.webedition.org."
},
{
"lang": "es",
"value": "El script de instalaci\u00f3n en webEdition CMS en versiones anteriores a la 6.2.7-s1 y versiones 6.3.x anteriores a la 6.3.8-s1 permite que atacantes remotos lleven a cabo ataques de inyecci\u00f3n de objetos PHP interceptando una petici\u00f3n a update.webedition.org."
}
],
"id": "CVE-2014-2302",
"lastModified": "2024-11-21T02:06:02.167",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-19T17:29:00.313",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/126861/webEdition-CMS-2.8.0.0-Remote-Command-Execution.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2014/May/147"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/532230/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/67692"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.redteam-pentesting.de/advisories/rt-sa-2014-004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/126861/webEdition-CMS-2.8.0.0-Remote-Command-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2014/May/147"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/532230/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/67692"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.redteam-pentesting.de/advisories/rt-sa-2014-004"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-5258
Vulnerability from fkie_nvd - Published: 2014-11-06 18:55 - Updated: 2025-04-12 10:46
Severity: 4.0 Medium (CVSS 2.0, AV:N/AC:L/Au:S/C:P/I:N/A:N)
Summary
Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| webedition | webedition_cms | * (up to and including 6.3.8.0) |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webedition:webedition_cms:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AED494EB-17FD-4A5C-89B4-F49E0375EE01",
"versionEndIncluding": "6.3.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en showTempFile.php en webEdition CMS anterior a 6.3.9.0 Beta permite a usuarios remotos autenticados leer ficheros arbitrarios a trav\u00e9s de un .. (punto punto) en el par\u00e1metro file."
}
],
"id": "CVE-2014-5258",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-11-06T18:55:06.187",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/128301/webEdition-6.3.8.0-Path-Traversal.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/533465/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.webedition.org/de/aktuelles/webedition-cms/webEdition-6.3.9-Beta-erschienen"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.webedition.org/de/webedition-cms/versionshistorie/webedition-6/version-6.3.9.0"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.htbridge.com/advisory/HTB23227"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/128301/webEdition-6.3.8.0-Path-Traversal.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/533465/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.webedition.org/de/aktuelles/webedition-cms/webEdition-6.3.9-Beta-erschienen"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.webedition.org/de/webedition-cms/versionshistorie/webedition-6/version-6.3.9.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.htbridge.com/advisory/HTB23227"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-2303
Vulnerability from fkie_nvd - Published: 2014-06-13 14:55 - Updated: 2025-04-12 10:46
Severity: 7.5 High (CVSS 2.0, AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
Multiple SQL injection vulnerabilities in the file browser component (we_fs.php) in webEdition CMS before 6.2.7-s1.2 and 6.3.x through 6.3.8 before -s1 allow remote attackers to execute arbitrary SQL commands via the (1) table or (2) order parameter.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| webedition | webedition_cms | 6.2.7.0 |
| webedition | webedition_cms | 6.3.3.0 |
| webedition | webedition_cms | 6.3.8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webedition:webedition_cms:6.2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5B9FD009-FDA7-44DC-B79D-200C7212F6F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webedition:webedition_cms:6.3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CDAA47EE-5DFE-457B-B1DC-3D8D1866F1A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webedition:webedition_cms:6.3.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0BFA82D5-C2E0-4DE8-A58F-DF0388079B91",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in the file browser component (we_fs.php) in webEdition CMS before 6.2.7-s1.2 and 6.3.x through 6.3.8 before -s1 allow remote attackers to execute arbitrary SQL commands via the (1) table or (2) order parameter."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en el componente del navegador de archivos (we_fs.php) en webEdition CMS anterior a 6.2.7-s1.2 y 6.3.x hasta 6.3.8 anterior a -s1 permiten a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro (1) table o (2) order."
}
],
"id": "CVE-2014-2303",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-06-13T14:55:15.197",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/126862/webEdition-CMS-6.3.8.0-svn6985-SQL-Injection.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2014/May/148"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/532231/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/67689"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.webedition.org/de/aktuelles/allgemein/Wichtiges-Sicherheitsupdate-fuer-CMS-webEdition-veroeffentlicht"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-005/-sql-injection-in-webedition-cms-file-browser"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/126862/webEdition-CMS-6.3.8.0-svn6985-SQL-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2014/May/148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/532231/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/67689"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.webedition.org/de/aktuelles/allgemein/Wichtiges-Sicherheitsupdate-fuer-CMS-webEdition-veroeffentlicht"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-005/-sql-injection-in-webedition-cms-file-browser"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}