W-CMS HTML Injection And Local File Include Vulnerabilities Network Vulnerability

Summary

w-CMS is prone to multiple HTML-injection vulnerabilities and a local file-include vulnerability. Exploiting these issues could allow an attacker to execute arbitrary HTML and script code in the context of the affected browser, steal cookie-based authentication credentials, and execute arbitrary local scripts in the context of the webserver process. Other attacks are also possible. w-CMS 2.0.1 is vulnerable other versions may also be affected.

References

http://www.securityfocus.com/bid/51359

Updated on 2017-03-28

Severity

Classification

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe ColdFusion HTTP Response Splitting Vulnerability
appRain CMF 'uploadify.php' Remote Arbitrary File Upload Vulnerability
Apache Struts2 'XWork' Information Disclosure Vulnerability
Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability
Apache Rave User Information Disclosure Vulnerability

w-CMS HTML Injection and Local File Include Vulnerabilities

Take action and discover your vulnerabilities