Vulnerabilities > Phpcms

DATE CVE VULNERABILITY TITLE RISK
2021-06-16 CVE-2020-22203 SQL Injection vulnerability in PHPcms 2008
SQL Injection in phpCMS 2008 sp4 via the genre parameter to yp/job.php.
network
low complexity
phpcms CWE-89
7.5
2021-06-16 CVE-2020-22199 SQL Injection vulnerability in PHPcms 2007
SQL Injection vulnerability in phpCMS 2007 SP6 build 0805 via the digg_mod parameter to digg_add.php.
network
low complexity
phpcms CWE-89
7.5
2021-06-16 CVE-2020-22200 Path Traversal vulnerability in PHPcms 9.1.13
Directory Traversal vulnerability in phpCMS 9.1.13 via the q parameter to public_get_suggest_keyword.
network
low complexity
phpcms CWE-22
5.0
2021-06-16 CVE-2020-22201 Code Injection vulnerability in PHPcms 2008
phpCMS 2008 sp4 allowas remote malicious users to execute arbitrary php commands via the pagesize parameter to yp/product.php.
network
low complexity
phpcms CWE-94
6.5
2019-03-25 CVE-2019-10027 Cross-site Scripting vulnerability in PHPcms
PHPCMS 9.6.x through 9.6.3 has XSS via the mailbox (aka E-mail) field on the personal information screen.
network
phpcms CWE-79
3.5
2018-11-09 CVE-2018-19127 Code Injection vulnerability in PHPcms 2008
A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution.
network
low complexity
phpcms CWE-94
7.5
2018-08-05 CVE-2018-14940 Resource Exhaustion vulnerability in PHPcms 9.0
PHPCMS 9 allows remote attackers to cause a denial of service (resource consumption) via large font_size, height, and width parameters in an api.php?op=checkcode request.
network
low complexity
phpcms CWE-400
5.0
2014-05-14 CVE-2013-5939 Cross-Site Scripting vulnerability in PHPcms Guesbook Module
Multiple cross-site scripting (XSS) vulnerabilities in the Guestbook module for PHPCMS allow remote attackers to inject arbitrary web script or HTML via the (1) list or (2) introduce parameter to index.php.
network
phpcms CWE-79
4.3
2011-01-25 CVE-2011-0645 SQL Injection vulnerability in PHPcms 2008 2
SQL injection vulnerability in data.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the where_time parameter in a get action.
network
low complexity
phpcms CWE-89
7.5
2011-01-25 CVE-2011-0644 SQL Injection vulnerability in PHPcms 2008 2
SQL injection vulnerability in include/admin/model_field.class.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the modelid parameter to flash_upload.php.
network
low complexity
phpcms CWE-89
7.5