webwiz CVE Vulnerabilities & Metrics

Focus on webwiz vulnerabilities and metrics.

Last updated: 08 Mar 2026, 23:25 UTC

About webwiz Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with webwiz. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total webwiz CVEs: 1
Earliest CVE date: 31 Dec 2004, 05:00 UTC
Latest CVE date: 22 Feb 2026, 14:16 UTC

Latest CVE reference: CVE-2019-25442

Rolling Stats

30-day Count (Rolling): 1
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical webwiz CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 5.01

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	1
4.0-6.9	4
7.0-8.9	2
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS webwiz CVEs

These are the five CVEs with the highest CVSS scores for webwiz, sorted by severity first and recency.

CVE-2006-6212 webwiz Published on 01 Dec 2006, 01:28 UTC (CVSS: 7.5)
PHP remote file inclusion vulnerability in centre.php in Site News (site_news) 2.00, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2005-4606 webwiz Published on 31 Dec 2005, 05:00 UTC (CVSS: 7.5)
SQL injection vulnerability in check_user.asp in multiple Web Wiz products including (1) Site News 3.06 and earlier, (2) Journal 1.0 and earlier, (3) Polls 3.06 and earlier, and (4) and Database Login 1.71 and earlier allows remote attackers to execute arbitrary SQL commands via the txtUserName parameter.
CVE-2004-2733 webwiz Published on 31 Dec 2004, 05:00 UTC (CVSS: 5.8)
Web Wiz Forums 7.7a uses invalid logic to determine user privileges, which allows remote attackers to (1) block arbitrary IP addresses via pop_up_ip_blocking.asp or (2) modify topics via pop_up_topic_admin.asp.
CVE-2009-5019 webwiz Published on 01 Dec 2010, 16:06 UTC (CVSS: 5.0)
Web Wiz NewsPad stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/NewsPad.mdb.
CVE-2008-0466 webwiz Published on 29 Jan 2008, 00:00 UTC (CVSS: 5.0)
Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability.

All CVEs for webwiz

CVE-2019-25442 webwiz vulnerability CVSS: 0 22 Feb 2026, 14:16 UTC

Web Wiz Forums 12.01 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the PF parameter. Attackers can send GET requests to member_profile.asp with malicious PF values to extract sensitive database information.

CVE-2009-5019 webwiz vulnerability CVSS: 5.0 01 Dec 2010, 16:06 UTC

Web Wiz NewsPad stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/NewsPad.mdb.

CVE-2008-0466 webwiz vulnerability CVSS: 5.0 29 Jan 2008, 00:00 UTC

Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability.

CVE-2006-6212 webwiz vulnerability CVSS: 7.5 01 Dec 2006, 01:28 UTC

PHP remote file inclusion vulnerability in centre.php in Site News (site_news) 2.00, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2006-0175 webwiz vulnerability CVSS: 4.3 11 Jan 2006, 21:03 UTC

Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz Forums 6.34 allows remote attackers to inject arbitrary web script or HTML via the search parameter.

CVE-2005-4606 webwiz vulnerability CVSS: 7.5 31 Dec 2005, 05:00 UTC

SQL injection vulnerability in check_user.asp in multiple Web Wiz products including (1) Site News 3.06 and earlier, (2) Journal 1.0 and earlier, (3) Polls 3.06 and earlier, and (4) and Database Login 1.71 and earlier allows remote attackers to execute arbitrary SQL commands via the txtUserName parameter.

CVE-2004-2733 webwiz vulnerability CVSS: 5.8 31 Dec 2004, 05:00 UTC

Web Wiz Forums 7.7a uses invalid logic to determine user privileges, which allows remote attackers to (1) block arbitrary IP addresses via pop_up_ip_blocking.asp or (2) modify topics via pop_up_topic_admin.asp.