Vulnerabilities > Phpwcms > Phpwcms > 1.8.9
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-03 | CVE-2021-36424 | Code Injection vulnerability in PHPwcms An issue discovered in phpwcms 1.9.25 allows remote attackers to run arbitrary code via DB user field during installation. | 9.8 |
2023-02-03 | CVE-2021-36425 | Path Traversal vulnerability in PHPwcms Directory traversal vulnerability in phpcms 1.9.25 allows remote attackers to delete arbitrary files via unfiltered $file parameter to unlink method in include/inc_act/act_ftptakeover.php file. | 5.4 |
2023-02-03 | CVE-2021-36426 | Unrestricted Upload of File with Dangerous Type vulnerability in PHPwcms File Upload vulnerability in phpwcms 1.9.25 allows remote attackers to run arbitrary code via crafted file upload to include/inc_lib/general.inc.php. | 8.8 |
2023-01-07 | CVE-2021-4301 | SQL Injection vulnerability in PHPwcms A vulnerability was found in slackero phpwcms up to 1.9.26 and classified as critical. | 9.8 |
2023-01-04 | CVE-2021-4302 | Cross-site Scripting vulnerability in PHPwcms A vulnerability was found in slackero phpwcms up to 1.9.26. | 6.1 |
2018-06-30 | CVE-2018-12990 | Information Exposure vulnerability in PHPwcms 1.8.9 phpwcms 1.8.9 allows remote attackers to discover the installation path via an invalid csrf_token_value field. | 5.0 |
2017-10-24 | CVE-2017-15872 | Cross-site Scripting vulnerability in PHPwcms 1.8.9 phpwcms 1.8.9 has XSS in include/inc_tmpl/admin.edituser.tmpl.php and include/inc_tmpl/admin.newuser.tmpl.php via the username (aka new_login) field. | 3.5 |