Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    9 vulnerabilities by WBCE Team

    CVE-2017-2120 (GCVE-0-2017-2120)

    Vulnerability from nvd – Published: 2017-04-28 16:00 – Updated: 2024-08-05 13:39
    VLAI
    Summary
    SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • SQL Injection
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN73083905/index.html third-party-advisoryx_refsource_JVN
    http://www.securityfocus.com/bid/96467 vdb-entryx_refsource_BID
    https://forum.wbce.org/viewtopic.php?id=977 x_refsource_MISC
    Impacted products
    Vendor Product Version
    WBCE Team WBCE CMS Affected: 1.1.10 and earlier
    Create a notification for this product.
    Date Public
    2017-04-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:39:32.256Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#73083905",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN73083905/index.html"
              },
              {
                "name": "96467",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96467"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://forum.wbce.org/viewtopic.php?id=977"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WBCE CMS",
              "vendor": "WBCE Team",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.10 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2017-04-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-05-01T09:57:02.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#73083905",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN73083905/index.html"
            },
            {
              "name": "96467",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96467"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://forum.wbce.org/viewtopic.php?id=977"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-2120",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WBCE CMS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.1.10 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "WBCE Team"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "SQL Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#73083905",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN73083905/index.html"
                },
                {
                  "name": "96467",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96467"
                },
                {
                  "name": "https://forum.wbce.org/viewtopic.php?id=977",
                  "refsource": "MISC",
                  "url": "https://forum.wbce.org/viewtopic.php?id=977"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-2120",
        "datePublished": "2017-04-28T16:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:39:32.256Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2119 (GCVE-0-2017-2119)

    Vulnerability from nvd – Published: 2017-04-28 16:00 – Updated: 2024-08-05 13:39
    VLAI
    Summary
    Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Directory traversal
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN73083905/index.html third-party-advisoryx_refsource_JVN
    http://www.securityfocus.com/bid/96467 vdb-entryx_refsource_BID
    https://forum.wbce.org/viewtopic.php?id=977 x_refsource_MISC
    Impacted products
    Vendor Product Version
    WBCE Team WBCE CMS Affected: 1.1.10 and earlier
    Create a notification for this product.
    Date Public
    2017-04-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:39:32.281Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#73083905",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN73083905/index.html"
              },
              {
                "name": "96467",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96467"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://forum.wbce.org/viewtopic.php?id=977"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WBCE CMS",
              "vendor": "WBCE Team",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.10 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2017-04-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-05-01T09:57:02.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#73083905",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN73083905/index.html"
            },
            {
              "name": "96467",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96467"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://forum.wbce.org/viewtopic.php?id=977"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-2119",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WBCE CMS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.1.10 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "WBCE Team"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Directory traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#73083905",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN73083905/index.html"
                },
                {
                  "name": "96467",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96467"
                },
                {
                  "name": "https://forum.wbce.org/viewtopic.php?id=977",
                  "refsource": "MISC",
                  "url": "https://forum.wbce.org/viewtopic.php?id=977"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-2119",
        "datePublished": "2017-04-28T16:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:39:32.281Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2118 (GCVE-0-2017-2118)

    Vulnerability from nvd – Published: 2017-04-28 16:00 – Updated: 2024-08-05 13:39
    VLAI
    Summary
    Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN73083905/index.html third-party-advisoryx_refsource_JVN
    http://www.securityfocus.com/bid/96467 vdb-entryx_refsource_BID
    https://forum.wbce.org/viewtopic.php?id=977 x_refsource_MISC
    Impacted products
    Vendor Product Version
    WBCE Team WBCE CMS Affected: 1.1.10 and earlier
    Create a notification for this product.
    Date Public
    2017-04-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:39:32.278Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#73083905",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN73083905/index.html"
              },
              {
                "name": "96467",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96467"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://forum.wbce.org/viewtopic.php?id=977"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WBCE CMS",
              "vendor": "WBCE Team",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.10 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2017-04-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-05-01T09:57:02.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#73083905",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN73083905/index.html"
            },
            {
              "name": "96467",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96467"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://forum.wbce.org/viewtopic.php?id=977"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-2118",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WBCE CMS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.1.10 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "WBCE Team"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#73083905",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN73083905/index.html"
                },
                {
                  "name": "96467",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96467"
                },
                {
                  "name": "https://forum.wbce.org/viewtopic.php?id=977",
                  "refsource": "MISC",
                  "url": "https://forum.wbce.org/viewtopic.php?id=977"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-2118",
        "datePublished": "2017-04-28T16:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:39:32.278Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2119 (GCVE-0-2017-2119)

    Vulnerability from cvelistv5 – Published: 2017-04-28 16:00 – Updated: 2024-08-05 13:39
    VLAI
    Summary
    Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Directory traversal
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN73083905/index.html third-party-advisoryx_refsource_JVN
    http://www.securityfocus.com/bid/96467 vdb-entryx_refsource_BID
    https://forum.wbce.org/viewtopic.php?id=977 x_refsource_MISC
    Impacted products
    Vendor Product Version
    WBCE Team WBCE CMS Affected: 1.1.10 and earlier
    Create a notification for this product.
    Date Public
    2017-04-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:39:32.281Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#73083905",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN73083905/index.html"
              },
              {
                "name": "96467",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96467"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://forum.wbce.org/viewtopic.php?id=977"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WBCE CMS",
              "vendor": "WBCE Team",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.10 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2017-04-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Directory traversal",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-05-01T09:57:02.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#73083905",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN73083905/index.html"
            },
            {
              "name": "96467",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96467"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://forum.wbce.org/viewtopic.php?id=977"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-2119",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WBCE CMS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.1.10 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "WBCE Team"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Directory traversal"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#73083905",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN73083905/index.html"
                },
                {
                  "name": "96467",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96467"
                },
                {
                  "name": "https://forum.wbce.org/viewtopic.php?id=977",
                  "refsource": "MISC",
                  "url": "https://forum.wbce.org/viewtopic.php?id=977"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-2119",
        "datePublished": "2017-04-28T16:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:39:32.281Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2120 (GCVE-0-2017-2120)

    Vulnerability from cvelistv5 – Published: 2017-04-28 16:00 – Updated: 2024-08-05 13:39
    VLAI
    Summary
    SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • SQL Injection
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN73083905/index.html third-party-advisoryx_refsource_JVN
    http://www.securityfocus.com/bid/96467 vdb-entryx_refsource_BID
    https://forum.wbce.org/viewtopic.php?id=977 x_refsource_MISC
    Impacted products
    Vendor Product Version
    WBCE Team WBCE CMS Affected: 1.1.10 and earlier
    Create a notification for this product.
    Date Public
    2017-04-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:39:32.256Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#73083905",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN73083905/index.html"
              },
              {
                "name": "96467",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96467"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://forum.wbce.org/viewtopic.php?id=977"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WBCE CMS",
              "vendor": "WBCE Team",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.10 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2017-04-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-05-01T09:57:02.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#73083905",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN73083905/index.html"
            },
            {
              "name": "96467",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96467"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://forum.wbce.org/viewtopic.php?id=977"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-2120",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WBCE CMS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.1.10 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "WBCE Team"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "SQL Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#73083905",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN73083905/index.html"
                },
                {
                  "name": "96467",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96467"
                },
                {
                  "name": "https://forum.wbce.org/viewtopic.php?id=977",
                  "refsource": "MISC",
                  "url": "https://forum.wbce.org/viewtopic.php?id=977"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-2120",
        "datePublished": "2017-04-28T16:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:39:32.256Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-2118 (GCVE-0-2017-2118)

    Vulnerability from cvelistv5 – Published: 2017-04-28 16:00 – Updated: 2024-08-05 13:39
    VLAI
    Summary
    Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    References
    URL Tags
    http://jvn.jp/en/jp/JVN73083905/index.html third-party-advisoryx_refsource_JVN
    http://www.securityfocus.com/bid/96467 vdb-entryx_refsource_BID
    https://forum.wbce.org/viewtopic.php?id=977 x_refsource_MISC
    Impacted products
    Vendor Product Version
    WBCE Team WBCE CMS Affected: 1.1.10 and earlier
    Create a notification for this product.
    Date Public
    2017-04-28 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T13:39:32.278Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#73083905",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "http://jvn.jp/en/jp/JVN73083905/index.html"
              },
              {
                "name": "96467",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96467"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://forum.wbce.org/viewtopic.php?id=977"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "WBCE CMS",
              "vendor": "WBCE Team",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.1.10 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2017-04-28T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-05-01T09:57:02.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#73083905",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "http://jvn.jp/en/jp/JVN73083905/index.html"
            },
            {
              "name": "96467",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96467"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://forum.wbce.org/viewtopic.php?id=977"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2017-2118",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "WBCE CMS",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.1.10 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "WBCE Team"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#73083905",
                  "refsource": "JVN",
                  "url": "http://jvn.jp/en/jp/JVN73083905/index.html"
                },
                {
                  "name": "96467",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96467"
                },
                {
                  "name": "https://forum.wbce.org/viewtopic.php?id=977",
                  "refsource": "MISC",
                  "url": "https://forum.wbce.org/viewtopic.php?id=977"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2017-2118",
        "datePublished": "2017-04-28T16:00:00.000Z",
        "dateReserved": "2016-12-01T00:00:00.000Z",
        "dateUpdated": "2024-08-05T13:39:32.278Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2017-000037

    Vulnerability from jvndb - Published: 2017-02-28 14:22 - Updated:2017-06-01 12:28
    Severity
    Summary
    WBCE CMS vulnerable to SQL injection
    Details
    WBCE CMS provided by WBCE Team is an open-source Contents Management System (CMS). WBCE CMS contains an SQL injection vulnerability (CWE-89). ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000037.html",
      "dc:date": "2017-06-01T12:28+09:00",
      "dcterms:issued": "2017-02-28T14:22+09:00",
      "dcterms:modified": "2017-06-01T12:28+09:00",
      "description": "WBCE CMS provided by WBCE Team is an open-source Contents Management System (CMS). WBCE CMS contains an SQL injection vulnerability (CWE-89).\r\n\r\nASAI Ken reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000037.html",
      "sec:cpe": {
        "#text": "cpe:/a:wbce:wbce_cms",
        "@product": "WBCE CMS",
        "@vendor": "WBCE Team",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "6.5",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "4.7",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2017-000037",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN73083905/index.html",
          "@id": "JVN#73083905",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2120",
          "@id": "CVE-2017-2120",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2120",
          "@id": "CVE-2017-2120",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-89",
          "@title": "SQL Injection(CWE-89)"
        }
      ],
      "title": "WBCE CMS vulnerable to SQL injection"
    }

    JVNDB-2017-000036

    Vulnerability from jvndb - Published: 2017-02-28 14:21 - Updated:2017-06-01 12:28
    Severity
    Summary
    WBCE CMS vulnerable to directory traversal
    Details
    WBCE CMS provided by WBCE Team is an open-source Contents Management System (CMS). WBCE CMS contains a directory traversal vulnerability (CWE-22). ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000036.html",
      "dc:date": "2017-06-01T12:28+09:00",
      "dcterms:issued": "2017-02-28T14:21+09:00",
      "dcterms:modified": "2017-06-01T12:28+09:00",
      "description": "WBCE CMS provided by WBCE Team is an open-source Contents Management System (CMS). WBCE CMS contains a directory traversal vulnerability (CWE-22).\r\n\r\nASAI Ken reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000036.html",
      "sec:cpe": {
        "#text": "cpe:/a:wbce:wbce_cms",
        "@product": "WBCE CMS",
        "@vendor": "WBCE Team",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "5.0",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "@version": "2.0"
        },
        {
          "@score": "5.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2017-000036",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN73083905/index.html",
          "@id": "JVN#73083905",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2119",
          "@id": "CVE-2017-2119",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2119",
          "@id": "CVE-2017-2119",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-22",
          "@title": "Path Traversal(CWE-22)"
        }
      ],
      "title": "WBCE CMS vulnerable to directory traversal"
    }

    JVNDB-2017-000035

    Vulnerability from jvndb - Published: 2017-02-28 14:21 - Updated:2017-06-01 12:28
    Severity
    Summary
    WBCE CMS vulnerable to cross-site scripting
    Details
    WBCE CMS provided by WBCE Team is an open-source Contents Management System (CMS). WBCE CMS contains a cross-site scripting vulnerability (CWE-79). ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000035.html",
      "dc:date": "2017-06-01T12:28+09:00",
      "dcterms:issued": "2017-02-28T14:21+09:00",
      "dcterms:modified": "2017-06-01T12:28+09:00",
      "description": "WBCE CMS provided by WBCE Team is an open-source Contents Management System (CMS). WBCE CMS contains a cross-site scripting vulnerability (CWE-79).\r\n\r\nASAI Ken reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000035.html",
      "sec:cpe": {
        "#text": "cpe:/a:wbce:wbce_cms",
        "@product": "WBCE CMS",
        "@vendor": "WBCE Team",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "2.6",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "6.1",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2017-000035",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN73083905/index.html",
          "@id": "JVN#73083905",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2118",
          "@id": "CVE-2017-2118",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2118",
          "@id": "CVE-2017-2118",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "WBCE CMS vulnerable to cross-site scripting"
    }