Webidsupport » Webid : Security Vulnerabilities, CVEs, CVSS score >= 9
WeBid <=1.2.2 is vulnerable to code injection via admin/categoriestrans.php.
Max CVSS
9.8
EPSS Score
0.13%
Published
2023-11-08
Updated
2023-11-15
A security issue was discovered in WeBid <=1.2.2. A Server-Side Request Forgery (SSRF) vulnerability in the admin/theme.php file allows remote attackers to inject payloads via theme parameters to read files across directories.
Max CVSS
9.1
EPSS Score
0.26%
Published
2022-10-14
Updated
2022-10-20
WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because it uses a loose comparison to check the identicalness of two passwords. Two non-identical passwords can still bypass the check.
Max CVSS
9.8
EPSS Score
0.29%
Published
2021-01-27
Updated
2021-02-02
3 vulnerabilities found