Vulnerabilities > Phpwcms > Phpwcms > 1.9.24

DATE CVE VULNERABILITY TITLE RISK
2023-02-03 CVE-2021-36424 Code Injection vulnerability in PHPwcms
An issue discovered in phpwcms 1.9.25 allows remote attackers to run arbitrary code via DB user field during installation.
network
low complexity
phpwcms CWE-94
critical
 9.8
9.8
2023-02-03 CVE-2021-36425 Path Traversal vulnerability in PHPwcms
Directory traversal vulnerability in phpcms 1.9.25 allows remote attackers to delete arbitrary files via unfiltered $file parameter to unlink method in include/inc_act/act_ftptakeover.php file.
network
low complexity
phpwcms CWE-22
5.4
5.4
2023-02-03 CVE-2021-36426 Unrestricted Upload of File with Dangerous Type vulnerability in PHPwcms
File Upload vulnerability in phpwcms 1.9.25 allows remote attackers to run arbitrary code via crafted file upload to include/inc_lib/general.inc.php.
network
low complexity
phpwcms CWE-434
8.8
8.8
2023-01-07 CVE-2021-4301 SQL Injection vulnerability in PHPwcms
A vulnerability was found in slackero phpwcms up to 1.9.26 and classified as critical.
network
low complexity
phpwcms CWE-89
critical
 9.8
9.8
2023-01-04 CVE-2021-4302 Unspecified vulnerability in PHPwcms
A vulnerability was found in slackero phpwcms up to 1.9.26.
network
low complexity
phpwcms
6.1
6.1