CVE-2021-36424

2023-02-0318:15:09

Google

osv.dev

phpwcms

remote attackers

arbitrary code

database field

9.6 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.9%

JSON

An issue discovered in phpwcms 1.9.25 allows remote attackers to run arbitrary code via DB user field during installation.

CPENameOperatorVersion
phpwcmseqphpwcms-1.9.3
phpwcmseq1.9.23
phpwcmseq1.9.20
phpwcmseqphpwmcs-1.9.0-beta.8
phpwcmseqphpwcms-1.7.3
phpwcmseqphpwcms-1.9.0-beta.6
phpwcmseqphpwcms-1.9.0-beta.7
phpwcmseqphpwcms-1.8.0
phpwcmseq1.9.7
phpwcmseqphpwcms-1.6.529

Name	Operator	Version
phpwcms	eq	phpwcms-1.9.3
phpwcms	eq	1.9.23
phpwcms	eq	1.9.20
phpwcms	eq	phpwmcs-1.9.0-beta.8
phpwcms	eq	phpwcms-1.7.3
phpwcms	eq	phpwcms-1.9.0-beta.6
phpwcms	eq	phpwcms-1.9.0-beta.7
phpwcms	eq	phpwcms-1.8.0
phpwcms	eq	1.9.7
phpwcms	eq	phpwcms-1.6.529

Rows per page:

1-10 of 491

References

github.com/slackero/phpwcms/issues/310