Vulnerabilities > Phpcms

DATE	CVE	VULNERABILITY TITLE	RISK
2011-01-25	CVE-2011-0644	SQL Injection vulnerability in PHPcms 2008 2 SQL injection vulnerability in include/admin/model_field.class.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the modelid parameter to flash_upload.php. network low complexity phpcms CWE-89	7.5
2008-01-31	CVE-2008-0513	Path Traversal vulnerability in PHPcms 1.2.2 Directory traversal vulnerability in parser/include/class.cache_phpcms.php in phpCMS 1.2.2 allows remote attackers to read arbitrary files via a .. network low complexity phpcms CWE-22	7.8
2006-06-15	CVE-2006-3019	Code Injection vulnerability in PHPcms 1.2.1P12 Multiple PHP remote file inclusion vulnerabilities in phpCMS 1.2.1pl2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPCMS_INCLUDEPATH parameter to files in parser/include/ including (1) class.parser_phpcms.php, (2) class.session_phpcms.php, (3) class.edit_phpcms.php, (4) class.http_indexer_phpcms.php, (5) class.cache_phpcms.php, (6) class.search_phpcms.php, (7) class.lib_indexer_universal_phpcms.php, and (8) class.layout_phpcms.php, (9) parser/plugs/counter.php, and (10) parser/parser.php. network low complexity phpcms CWE-94	7.5
2005-06-02	CVE-2005-1840	Directory Traversal vulnerability in phpCMS Directory traversal vulnerability in class.layout_phpcms.php in phpCMS 1.2.x before 1.2.1pl2 allows remote attackers to read or include arbitrary files, as demonstrated using a .. network low complexity phpcms	5.0
2005-01-10	CVE-2004-1203	Information Disclosure vulnerability in PHPcms 1.1.9/1.2.0/1.2.1 parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to gain sensitive information via an invalid file parameter, which reveals the web server's installation path. network low complexity phpcms	5.0
2005-01-10	CVE-2004-1202	Cross-Site Scripting vulnerability in PHPcms 1.1.9/1.2/1.2.1 Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to inject arbitrary web script or HTML via the file parameter. network phpcms	6.8

Vulnerabilities > Phpcms {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Phpcms"}]}

Vulnerabilities > Phpcms