Vulnerabilities > Phpwcms > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-03 | CVE-2021-36425 | Path Traversal vulnerability in PHPwcms Directory traversal vulnerability in phpcms 1.9.25 allows remote attackers to delete arbitrary files via unfiltered $file parameter to unlink method in include/inc_act/act_ftptakeover.php file. | 5.4 |
| 2023-01-04 | CVE-2021-4302 | Unspecified vulnerability in PHPwcms A vulnerability was found in slackero phpwcms up to 1.9.26. | 6.1 |
| 2021-09-08 | CVE-2020-19855 | Cross-site Scripting vulnerability in PHPwcms 1.9.0 phpwcms v1.9 contains a cross-site scripting (XSS) vulnerability in /image_zoom.php. | 6.1 |
| 2018-06-30 | CVE-2018-12990 | Information Exposure vulnerability in PHPwcms 1.8.9 phpwcms 1.8.9 allows remote attackers to discover the installation path via an invalid csrf_token_value field. | 5.3 |
| 2017-10-24 | CVE-2017-15872 | Cross-site Scripting vulnerability in PHPwcms 1.8.9 phpwcms 1.8.9 has XSS in include/inc_tmpl/admin.edituser.tmpl.php and include/inc_tmpl/admin.newuser.tmpl.php via the username (aka new_login) field. | 4.8 |