Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

phpwcms phpwcms 1.2.5 dev vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2005-3789
Multiple directory traversal vulnerabilities in phpwcms 1.2.5 allow remote malicious users to read arbitrary files via a .. (dot dot) in the (1) form_lang parameter in login.php and (2) the imgdir parameter in random_image.php.
Phpwcms Phpwcms 1.2.5 Dev
NA
CVE-2006-2518
Cross-site scripting (XSS) vulnerability in phpwcms 1.2.5-DEV allows remote malicious users to inject arbitrary web script or HTML via the BL[be_cnt_plainhtml] parameter to include/inc_tmpl/content/cnt6.inc.php.
Phpwcms Phpwcms 1.2.5 Dev
NA
CVE-2006-6886
phpwcms 1.2.5-DEV allows remote malicious users to obtain sensitive information via a direct request for (1) files.public-userroot.inc.php or (2) files.private.additions.inc.php in include/inc_lib/, which reveals the path in various error messages.
Phpwcms Phpwcms 1.2.5 Dev
NA
CVE-2006-7019
phpwcms 1.2.5-DEV and previous versions, and 1.1 before RC4, allows remote malicious users to execute arbitrary code via crafted arguments to the (1) text_evento and (2) email_eventonome_evento parameters to phpwcms_code_snippets/mail_file_form.php and sample_ext_php/mail_file_fo...
Phpwcms Phpwcms
NA
CVE-2006-2519
Directory traversal vulnerability in include/inc_ext/spaw/spaw_control.class.php in phpwcms 1.2.5-DEV allows remote malicious users to include arbitrary local files via .. (dot dot) sequences in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in S...
Phpwcms Phpwcms 1.2.5 Dev
NA
CVE-2006-7018
phpwcms 1.2.5-DEV and previous versions, and 1.1 before RC4, allows remote malicious users to execute arbitrary code via a crafted argument to the nome_evento parameter to phpwcms_code_snippets/mail_file_form.php and (2) sample_ext_php/mail_file_form.php, which is processed by th...
Oliver Georgi Phpwcms
NA
CVE-2006-7020
CRLF injection vulnerability in (1) include/inc_act/act_formmailer.php and possibly (2) sample_ext_php/mail_file_form.php in phpwcms 1.2.5-DEV and previous versions, and 1.1 before RC4, allows remote malicious users to modify HTTP headers and send spam e-mail via a spoofed HTTP R...
Oliver Georgi Phpwcms
NA
CVE-2005-3790
Multiple cross-site scripting (XSS) vulnerabilities in act_newsletter.php in phpwcms 1.2.5 allow remote malicious users to inject arbitrary web script or HTML via the (1) i and (2) text parameters.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypassopen redirectCVE-2024-4358CVE-2024-24199CVE-2024-5550CVE-2024-5305CVE-2024-30373CVE-2024-1800deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook