Vulnerabilities > Phpwcms

DATE	CVE	VULNERABILITY TITLE	RISK
2023-02-03	CVE-2021-36424	Code Injection vulnerability in PHPwcms An issue discovered in phpwcms 1.9.25 allows remote attackers to run arbitrary code via DB user field during installation. network low complexity phpwcms CWE-94 critical	9.8
2023-02-03	CVE-2021-36425	Path Traversal vulnerability in PHPwcms Directory traversal vulnerability in phpcms 1.9.25 allows remote attackers to delete arbitrary files via unfiltered $file parameter to unlink method in include/inc_act/act_ftptakeover.php file. network low complexity phpwcms CWE-22	5.4
2023-02-03	CVE-2021-36426	Unrestricted Upload of File with Dangerous Type vulnerability in PHPwcms File Upload vulnerability in phpwcms 1.9.25 allows remote attackers to run arbitrary code via crafted file upload to include/inc_lib/general.inc.php. network low complexity phpwcms CWE-434	8.8
2023-01-07	CVE-2021-4301	SQL Injection vulnerability in PHPwcms A vulnerability was found in slackero phpwcms up to 1.9.26 and classified as critical. network low complexity phpwcms CWE-89 critical	9.8
2023-01-04	CVE-2021-4302	Cross-site Scripting vulnerability in PHPwcms A vulnerability was found in slackero phpwcms up to 1.9.26. network low complexity phpwcms CWE-79	6.1
2021-09-08	CVE-2020-19855	Cross-site Scripting vulnerability in PHPwcms 1.9.0 phpwcms v1.9 contains a cross-site scripting (XSS) vulnerability in /image_zoom.php. network phpwcms CWE-79	4.3
2021-06-24	CVE-2020-21784	Code Injection vulnerability in PHPwcms 1.9.13 phpwcms 1.9.13 is vulnerable to Code Injection via /phpwcms/setup/setup.php. network low complexity phpwcms CWE-94 critical	9.8
2018-06-30	CVE-2018-12990	Information Exposure vulnerability in PHPwcms 1.8.9 phpwcms 1.8.9 allows remote attackers to discover the installation path via an invalid csrf_token_value field. network low complexity phpwcms CWE-200	5.0
2017-10-24	CVE-2017-15872	Cross-site Scripting vulnerability in PHPwcms 1.8.9 phpwcms 1.8.9 has XSS in include/inc_tmpl/admin.edituser.tmpl.php and include/inc_tmpl/admin.newuser.tmpl.php via the username (aka new_login) field. network phpwcms CWE-79	3.5
2011-09-24	CVE-2011-3789	Information Exposure vulnerability in PHPwcms 1.4.7 phpwcms 1.4.7 r412 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by template/inc_script/frontend_render/disabled/majonavi.php and certain other files. network low complexity phpwcms CWE-200	5.0

Vulnerabilities > Phpwcms {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Phpwcms"}]}

Vulnerabilities > Phpwcms