Vulnerabilities > Phpwcms > Phpwcms > 1.2.5.dev

DATE CVE VULNERABILITY TITLE RISK
2006-12-31 CVE-2006-6886 Information Exposure vulnerability in PHPwcms 1.2.5Dev
phpwcms 1.2.5-DEV allows remote attackers to obtain sensitive information via a direct request for (1) files.public-userroot.inc.php or (2) files.private.additions.inc.php in include/inc_lib/, which reveals the path in various error messages.
network
low complexity
phpwcms CWE-200
5.0
5.0
2006-05-22 CVE-2006-2519 Local File Include vulnerability in PHPwcms 1.2.5Dev
Directory traversal vulnerability in include/inc_ext/spaw/spaw_control.class.php in phpwcms 1.2.5-DEV allows remote attackers to include arbitrary local files via ..
network
high complexity
phpwcms
2.6
2.6
2006-05-22 CVE-2006-2518 Cross-Site Scripting vulnerability in PHPwcms 1.2.5Dev
Cross-site scripting (XSS) vulnerability in phpwcms 1.2.5-DEV allows remote attackers to inject arbitrary web script or HTML via the BL[be_cnt_plainhtml] parameter to include/inc_tmpl/content/cnt6.inc.php.
network
high complexity
phpwcms
2.6
2.6
2005-11-24 CVE-2005-3790 Cross-Site Scripting vulnerability in PHPWCMS
Multiple cross-site scripting (XSS) vulnerabilities in act_newsletter.php in phpwcms 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) i and (2) text parameters.
network
phpwcms
4.3
4.3
2005-11-24 CVE-2005-3789 Unspecified vulnerability in PHPwcms 1.2.5Dev
Multiple directory traversal vulnerabilities in phpwcms 1.2.5 allow remote attackers to read arbitrary files via a ..
network
low complexity
phpwcms
5.0
5.0