Show filters
2 Total Results
Displaying 1-2 of 2
Sort by:
Attacker Value
Unknown
CVE-2018-17361
Disclosure Date: September 23, 2018 (last updated November 27, 2024)
Multiple XSS vulnerabilities in WeaselCMS v0.3.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php because $_SERVER['PHP_SELF'] is mishandled.
0
Attacker Value
Unknown
CVE-2018-16352
Disclosure Date: September 02, 2018 (last updated November 27, 2024)
There is a PHP code upload vulnerability in WeaselCMS 0.3.6 via index.php because code can be embedded at the end of a .png file when the image/png content type is used.
0
