shadoweb/wdja

shadoweb/wdja

Unavailable

This project is no longer available (or publicly accessible) from GitHub

Releases2

Frequency7 months 3 weeks

Last Release over 3 years ago

Stars2

WDJA is based on (PHP)JTBC1.0 redevelop. website: www.wdja.net

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2021-42185 ↗	May 4, 2022Wednesday, 4 May 2022, 12:15	9.8 CRITICAL	7.5 HIGH
wdja v2.1 is affected by a SQL injection vulnerability in the foreground search function.
CVE-2020-20982 ↗	Nov 3, 2021Wednesday, 3 November 2021, 17:15	9.6 CRITICAL	6.8 MEDIUM
Cross Site Scripting (XSS) vulnerability in shadoweb wdja v1.5.1, allows attackers to execute arbitrary code and gain escalated privileges, via the backurl parameter to /php/passport/index.php.
CVE-2020-21658 ↗	Oct 6, 2021Wednesday, 6 October 2021, 22:15	6.5 MEDIUM	4.3 MEDIUM
A Cross-Site Request Forgery (CSRF) in WDJA CMS v1.5.2 allows attackers to arbitrarily add administrator accounts via a crafted URL.
CVE-2020-21648 ↗	Oct 6, 2021Wednesday, 6 October 2021, 22:15	9.1 CRITICAL	6.4 MEDIUM
WDJA CMS v1.5.2 contains an arbitrary file deletion vulnerability in the component admin/cache/manage.php.
CVE-2020-23631 ↗	Jan 11, 2021Monday, 11 January 2021, 20:15	6.1 MEDIUM	4.3 MEDIUM
Cross-site request forgery (CSRF) in admin/global/manage.php in WDJA CMS 1.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via the tongji parameter.