Vulnerabilities > Phpcms

DATE	CVE	VULNERABILITY TITLE	RISK
2022-06-15	CVE-2021-40910	Cross-site Scripting vulnerability in PHPcms 9.6.3 There is a reflective cross-site scripting (XSS) vulnerability in the PHPCMS V9.6.3 management side. network phpcms CWE-79	4.3
2021-06-16	CVE-2020-22203	SQL Injection vulnerability in PHPcms 2008 SQL Injection in phpCMS 2008 sp4 via the genre parameter to yp/job.php. network low complexity phpcms CWE-89	7.5
2021-06-16	CVE-2020-22199	SQL Injection vulnerability in PHPcms 2007 SQL Injection vulnerability in phpCMS 2007 SP6 build 0805 via the digg_mod parameter to digg_add.php. network low complexity phpcms CWE-89	7.5
2021-06-16	CVE-2020-22200	Path Traversal vulnerability in PHPcms 9.1.13 Directory Traversal vulnerability in phpCMS 9.1.13 via the q parameter to public_get_suggest_keyword. network low complexity phpcms CWE-22	5.0
2021-06-16	CVE-2020-22201	Code Injection vulnerability in PHPcms 2008 phpCMS 2008 sp4 allowas remote malicious users to execute arbitrary php commands via the pagesize parameter to yp/product.php. network low complexity phpcms CWE-94	8.8
2019-03-25	CVE-2019-10027	Cross-site Scripting vulnerability in PHPcms PHPCMS 9.6.x through 9.6.3 has XSS via the mailbox (aka E-mail) field on the personal information screen. network phpcms CWE-79	3.5
2018-11-09	CVE-2018-19127	Code Injection vulnerability in PHPcms 2008 A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. network low complexity phpcms CWE-94	7.5
2018-08-05	CVE-2018-14940	Resource Exhaustion vulnerability in PHPcms 9.0 PHPCMS 9 allows remote attackers to cause a denial of service (resource consumption) via large font_size, height, and width parameters in an api.php?op=checkcode request. network low complexity phpcms CWE-400	5.0
2014-05-14	CVE-2013-5939	Cross-Site Scripting vulnerability in PHPcms Guesbook Module Multiple cross-site scripting (XSS) vulnerabilities in the Guestbook module for PHPCMS allow remote attackers to inject arbitrary web script or HTML via the (1) list or (2) introduce parameter to index.php. network phpcms CWE-79	4.3
2011-01-25	CVE-2011-0645	SQL Injection vulnerability in PHPcms 2008 2 SQL injection vulnerability in data.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the where_time parameter in a get action. network low complexity phpcms CWE-89	7.5

Vulnerabilities > Phpcms {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Phpcms"}]}

Vulnerabilities > Phpcms