Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-39796: Release WBCE CMS 1.6.1 · WBCE/WBCE_CMS

SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 allows remote unauthenticated attacker to execute arbitrary code via the DB_RECORD_TABLE parameter.

CVE
#sql#vulnerability#auth

Latest

Latest

Compare

Choose a tag to compare

instantflorian released this

27 Apr 06:44

· 13 commits to main since this release

1.6.1

1610cfa

This is a SECURITY / bugfix release. Please update as soon as possible; for more information, see annoncement in the WBCE CMS forum.
Also, some bugs were fixed and CKEditor was updated to the latest version.

Related news

WBCE 1.6.0 SQL Injection

WBCE version 1.6.0 suffers from a remote SQL injection vulnerability.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907