Vulnerabilities > Phpwcms > Phpwcms > 1.9.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-03 | CVE-2021-36424 | Code Injection vulnerability in PHPwcms An issue discovered in phpwcms 1.9.25 allows remote attackers to run arbitrary code via DB user field during installation. | 9.8 |
| 2023-02-03 | CVE-2021-36425 | Path Traversal vulnerability in PHPwcms Directory traversal vulnerability in phpcms 1.9.25 allows remote attackers to delete arbitrary files via unfiltered $file parameter to unlink method in include/inc_act/act_ftptakeover.php file. | 5.4 |
| 2023-02-03 | CVE-2021-36426 | Unrestricted Upload of File with Dangerous Type vulnerability in PHPwcms File Upload vulnerability in phpwcms 1.9.25 allows remote attackers to run arbitrary code via crafted file upload to include/inc_lib/general.inc.php. | 8.8 |
| 2023-01-07 | CVE-2021-4301 | SQL Injection vulnerability in PHPwcms A vulnerability was found in slackero phpwcms up to 1.9.26 and classified as critical. | 9.8 |
| 2023-01-04 | CVE-2021-4302 | Cross-site Scripting vulnerability in PHPwcms A vulnerability was found in slackero phpwcms up to 1.9.26. | 6.1 |
| 2021-09-08 | CVE-2020-19855 | Cross-site Scripting vulnerability in PHPwcms 1.9.0 phpwcms v1.9 contains a cross-site scripting (XSS) vulnerability in /image_zoom.php. | 4.3 |