Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phpcms phpcms vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2018-19127
A code injection vulnerability in /type.php in PHPCMS 2008 allows malicious users to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via the template parameter, and is written to a data/cache_...
Phpcms Phpcms 2008
1 Github repository
7.5
CVSSv2
CVE-2006-3019
Multiple PHP remote file inclusion vulnerabilities in phpCMS 1.2.1pl2 allow remote malicious users to execute arbitrary PHP code via a URL in the PHPCMS_INCLUDEPATH parameter to files in parser/include/ including (1) class.parser_phpcms.php, (2) class.session_phpcms.php, (3) clas...
Phpcms Phpcms 1.2.1 P12
10 EDB exploits
5
CVSSv2
CVE-2020-22200
Directory Traversal vulnerability in phpCMS 9.1.13 via the q parameter to public_get_suggest_keyword.
Phpcms Phpcms 9.1.13
7.5
CVSSv2
CVE-2011-0645
SQL injection vulnerability in data.php in PHPCMS 2008 V2 allows remote malicious users to execute arbitrary SQL commands via the where_time parameter in a get action.
Phpcms Phpcms 2008 2
2 EDB exploits
7.5
CVSSv2
CVE-2018-14399
libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote malicious users to upload and execute arbitrary PHP code via a .txt?.php#.jpg URI in the SRC attribute of an IMG element within info[content] JSON data to the index.php?m=member&c=index&a=register URI.
Phpcms Project Phpcms 9.6.0
7.5
CVSSv2
CVE-2011-0644
SQL injection vulnerability in include/admin/model_field.class.php in PHPCMS 2008 V2 allows remote malicious users to execute arbitrary SQL commands via the modelid parameter to flash_upload.php.
Phpcms Phpcms 2008 2
1 EDB exploit
4.3
CVSSv2
CVE-2013-5939
Multiple cross-site scripting (XSS) vulnerabilities in the Guestbook module for PHPCMS allow remote malicious users to inject arbitrary web script or HTML via the (1) list or (2) introduce parameter to index.php.
Phpcms Guesbook Module -
NA
CVE-2021-36425
Directory traversal vulnerability in phpcms 1.9.25 allows remote malicious users to delete arbitrary files via unfiltered $file parameter to unlink method in include/inc_act/act_ftptakeover.php file.
Phpwcms Phpwcms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2