← Back

Wellcms

wellcms

Vendor: Wellcms • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-36579
1Wellcms
1Wellcms
Jun 17, 2026
Aug 19, 2022
N/A· v4
8.8 HIGH· v3
N/A· v2
Wellcms 2.2.0 is vulnerable to Cross Site Request Forgery (CSRF).
CVE-2020-21005
1Wellcms
1Wellcms
Jun 17, 2026
Jun 3, 2021
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
WellCMS 2.0 beta3 is vulnerable to File Upload. A user can log in to the CMS background and upload a picture. Because the upload file type is controllable, the user can modify the upload file type to get webshell.