Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phpwcms phpwcms vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2005-3789
Multiple directory traversal vulnerabilities in phpwcms 1.2.5 allow remote malicious users to read arbitrary files via a .. (dot dot) in the (1) form_lang parameter in login.php and (2) the imgdir parameter in random_image.php.
Phpwcms Phpwcms 1.2.5 Dev
2 EDB exploits
2.6
CVSSv2
CVE-2006-2519
Directory traversal vulnerability in include/inc_ext/spaw/spaw_control.class.php in phpwcms 1.2.5-DEV allows remote malicious users to include arbitrary local files via .. (dot dot) sequences in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in S...
Phpwcms Phpwcms 1.2.5 Dev
5
CVSSv2
CVE-2018-12990
phpwcms 1.8.9 allows remote malicious users to discover the installation path via an invalid csrf_token_value field.
Phpwcms Phpwcms 1.8.9
5
CVSSv2
CVE-2006-6886
phpwcms 1.2.5-DEV allows remote malicious users to obtain sensitive information via a direct request for (1) files.public-userroot.inc.php or (2) files.private.additions.inc.php in include/inc_lib/, which reveals the path in various error messages.
Phpwcms Phpwcms 1.2.5 Dev
7.5
CVSSv2
CVE-2020-21784
phpwcms 1.9.13 is vulnerable to Code Injection via /phpwcms/setup/setup.php.
Phpwcms Phpwcms 1.9.13
6.8
CVSSv2
CVE-2007-5185
Multiple PHP remote file inclusion vulnerabilities in phpWCMS XT 0.0.7 BETA and previous versions allow remote malicious users to execute arbitrary PHP code via a URL in the HTML_MENU_DirPath parameter to (1) config_HTML_MENU.php and (2) config_PHPLM.php in phpwcms_template/inc_s...
Phpwcms-xt Phpwcms-xt
1 EDB exploit
10
CVSSv2
CVE-2006-7018
phpwcms 1.2.5-DEV and previous versions, and 1.1 before RC4, allows remote malicious users to execute arbitrary code via a crafted argument to the nome_evento parameter to phpwcms_code_snippets/mail_file_form.php and (2) sample_ext_php/mail_file_form.php, which is processed by th...
Oliver Georgi Phpwcms
7.8
CVSSv2
CVE-2006-7020
CRLF injection vulnerability in (1) include/inc_act/act_formmailer.php and possibly (2) sample_ext_php/mail_file_form.php in phpwcms 1.2.5-DEV and previous versions, and 1.1 before RC4, allows remote malicious users to modify HTTP headers and send spam e-mail via a spoofed HTTP R...
Oliver Georgi Phpwcms
7.5
CVSSv2
CVE-2013-1744
IRIS citations management tool up to and including 1.3 allows remote malicious users to execute arbitrary commands.
Iris Citations Management Tool Project Iris Citations Management Tool
1 EDB exploit
4.3
CVSSv2
CVE-2005-3790
Multiple cross-site scripting (XSS) vulnerabilities in act_newsletter.php in phpwcms 1.2.5 allow remote malicious users to inject arbitrary web script or HTML via the (1) i and (2) text parameters.
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2