Vulnerabilities > Phpwcms > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-02-03 CVE-2021-36425 Path Traversal vulnerability in PHPwcms
Directory traversal vulnerability in phpcms 1.9.25 allows remote attackers to delete arbitrary files via unfiltered $file parameter to unlink method in include/inc_act/act_ftptakeover.php file.
network
low complexity
phpwcms CWE-22
5.4
5.4
2023-01-04 CVE-2021-4302 Cross-site Scripting vulnerability in PHPwcms
A vulnerability was found in slackero phpwcms up to 1.9.26.
network
low complexity
phpwcms CWE-79
6.1
6.1
2021-09-08 CVE-2020-19855 Cross-site Scripting vulnerability in PHPwcms 1.9.0
phpwcms v1.9 contains a cross-site scripting (XSS) vulnerability in /image_zoom.php.
network
phpwcms CWE-79
4.3
4.3
2018-06-30 CVE-2018-12990 Information Exposure vulnerability in PHPwcms 1.8.9
phpwcms 1.8.9 allows remote attackers to discover the installation path via an invalid csrf_token_value field.
network
low complexity
phpwcms CWE-200
5.0
5.0
2011-09-24 CVE-2011-3789 Information Exposure vulnerability in PHPwcms 1.4.7
phpwcms 1.4.7 r412 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by template/inc_script/frontend_render/disabled/majonavi.php and certain other files.
network
low complexity
phpwcms CWE-200
5.0
5.0
2006-12-31 CVE-2006-6886 Information Exposure vulnerability in PHPwcms 1.2.5Dev
phpwcms 1.2.5-DEV allows remote attackers to obtain sensitive information via a direct request for (1) files.public-userroot.inc.php or (2) files.private.additions.inc.php in include/inc_lib/, which reveals the path in various error messages.
network
low complexity
phpwcms CWE-200
5.0
5.0
2005-11-24 CVE-2005-3790 Cross-Site Scripting vulnerability in PHPWCMS
Multiple cross-site scripting (XSS) vulnerabilities in act_newsletter.php in phpwcms 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) i and (2) text parameters.
network
phpwcms
4.3
4.3
2005-11-24 CVE-2005-3789 Unspecified vulnerability in PHPwcms 1.2.5Dev
Multiple directory traversal vulnerabilities in phpwcms 1.2.5 allow remote attackers to read arbitrary files via a ..
network
low complexity
phpwcms
5.0
5.0