CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

43 matches found

PHPCMS 2008 - Remote Code Execution via Template Injection

PHPCMS 2008 suffers from an unauthenticated RCE via template injection in type.php, where attacker-supplied content is written into a PHP template cache file, which is then executable. id: CVE-2018-19127 info: name: PHPCMS 2008 - Remote Code Execution via Template Injection author: tomaquet18...

9.8CVSS7.3AI score0.84485EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2020-14968

Malware in sbrugna...

9.8CVSS9.2AI score0.00286EPSS

Exploits1References2

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2011-0662

Malware in sbrugna...

7.5CVSS6.4AI score0.00265EPSS

Exploits1References6

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2011-0663

Malware in sbrugna...

7.5CVSS6.4AI score0.00308EPSS

Exploits1References5

RedhatCVE•added 2025/05/22 3:18 p.m.•3 views

CVE-2020-22203

SQL Injection in phpCMS 2008 sp4 via the genre parameter to yp/job.php...

9.8CVSS8.2AI score0.00286EPSS

Exploits1

NVD•added 2021/06/16 6:15 p.m.•13 views

CVE-2020-22203

SQL Injection in phpCMS 2008 sp4 via the genre parameter to yp/job.php...

9.8CVSS0.00286EPSS

Exploits1References1

Prion•added 2021/06/16 6:15 p.m.•12 views

Sql injection

SQL Injection in phpCMS 2008 sp4 via the genre parameter to yp/job.php...

7.5CVSS9.7AI score0.00286EPSS

Exploits1References1Affected Software1

Prion•added 2021/06/16 5:15 p.m.•12 views

Design/Logic Flaw

phpCMS 2008 sp4 allowas remote malicious users to execute arbitrary php commands via the pagesize parameter to yp/product.php...

6.5CVSS8.9AI score0.00373EPSS

Exploits1References2Affected Software1

Cvelist•added 2021/06/16 5:5 p.m.•16 views

CVE-2020-22203

SQL Injection in phpCMS 2008 sp4 via the genre parameter to yp/job.php...

9.9AI score0.00286EPSS

Exploits1References1

CVE•added 2021/06/16 4:50 p.m.•42 views

CVE-2020-22201

In the provided documents, the affected software is phpcMS 2008 sp4. The vulnerability arises in the yp/product.php endpoint, where the pagesize parameter can be exploited by remote malicious users to execute arbitrary PHP commands (command injection). The root cause is improper handling of the p...

8.8CVSS8.9AI score0.00373EPSS

Exploits1References2Affected Software1

Cvelist•added 2021/06/16 4:50 p.m.•12 views

CVE-2020-22201

phpCMS 2008 sp4 allowas remote malicious users to execute arbitrary php commands via the pagesize parameter to yp/product.php...

9.1AI score0.00373EPSS

Exploits1References2

Check Point Advisories•added 2019/03/27 12:0 a.m.•5 views

PHPCMS 2008 type.php Code Injection (CVE-2018-19127)

A code injection vulnerability exists in PHPCMS 2008. An attacker could write arbitrary content to a website cache file with a controllable filename. Successful exploitation of this vulnerability could lead to arbitrary code execution...

7.5CVSS3.5AI score0.84485EPSS

Exploits0

Prion•added 2018/11/09 12:29 p.m.•7 views

Code injection

A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via the template parameter, and is written to a data/cachetemplate/.tpl.php file...

7.5CVSS9.7AI score0.84485EPSS

Exploits0References1Affected Software1

NVD•added 2018/11/09 12:29 p.m.•9 views

CVE-2018-19127

9.8CVSS9.7AI score0.84485EPSS

Exploits0References1

CVE•added 2018/11/09 12:0 p.m.•48 views

CVE-2018-19127

PHPCMS 2008 is affected by CVE-2018-19127 due to an unauthenticated remote code execution via template injection in /type.php. Attacker-supplied content is written to a PHP template cache file under data/cache_template/*.tpl.php, appended with a "

9.8CVSS9.7AI score0.84485EPSS

Exploits0References1Affected Software1