CVE-2020-22203

SQL Injection in phpCMS 2008 sp4 via the genre parameter to yp/job.php...

CVE-2020-22201

In the provided documents, the affected software is phpcMS 2008 sp4. The vulnerability arises in the yp/product.php endpoint, where the pagesize parameter can be exploited by remote malicious users to execute arbitrary PHP commands (command injection). The root cause is improper handling of the p...

CVE-2020-22201

phpCMS 2008 sp4 allowas remote malicious users to execute arbitrary php commands via the pagesize parameter to yp/product.php...

CVE-2020-22200

Directory Traversal vulnerability in phpCMS 9.1.13 via the q parameter to publicgetsuggestkeyword...

CVE-2020-22200

The CVE-2020-22200 entry concerns phpcms 9.1.13 with a directory traversal flaw exploitable via the q parameter to public_get_suggest_keyword. Affected component: phpcms web CMS (PHP/MySQL stack). Root cause: improper handling of user-supplied q parameter allowing path traversal. Impact stated as...

CVE-2020-22199

CVE-2020-22199 is a SQL injection vulnerability in phpCMS 2007 SP6 build 0805, exploitable via the digg_mod parameter to digg_add.php. Affected component is phpCMS’s PHP/MySQL-based web CMS; root cause is insecure handling of the digg_mod parameter leading to SQL statements being injected. CVSS m...

CVE-2020-22199

SQL Injection vulnerability in phpCMS 2007 SP6 build 0805 via the diggmod parameter to diggadd.php...

PT-2021-10745 · Phpcms · Phpcms

Name of the Vulnerable Software and Affected Versions: phpCMS 2008 sp4 Description: The issue allows remote malicious users to execute arbitrary php commands. This is achieved via the pagesize parameter to the "yp/product.php" endpoint. Recommendations: For phpCMS 2008 sp4, consider restricting...

PHPCMS 路径遍历漏洞

phpcms is a web content management system based on PHP and Mysql architecture. The system includes modules such as news, pictures, downloads, information, products and so on. A path traversal vulnerability exists in phpcms version 9.1.13. An attacker can exploit this vulnerability to perform...

PHPCMS SQL注入漏洞

PHPCMS is a web content management system based on PHP and Mysql architecture. The system includes modules such as news, images, downloads, information, products and so on. A SQL injection vulnerability exists in phpCMS because the genre parameter in the yp/job.php file is not handled securely,...

Command Execution Vulnerability in FangfaCMS

Method Digital Web Content Management System FangfaCms is a PHPCMS web management system. A command execution vulnerability exists in FangfaCMS, which can be exploited by an attacker to gain server control privileges...

PHPCMS version 9.1.5 to 9.6.3 SQL Injection Vulnerability in Member Module me***_mo***.php

PHPCMS uses PHP5+MYSQL as the technical basis for development.V9 uses OOP object-oriented approach to build the basic operational framework. PHPCMS 9.1.5 to 9.6.3 version of the membership module memo.php SQL injection vulnerability, attackers can use the vulnerability to obtain database sensitiv...

PHPCMS me***.php page suffers from SQL injection vulnerability

PHPCMS is a web content management system based on PHP and Mysql architecture. A SQL injection vulnerability exists in the PHPCMS me.php page, which can be exploited by attackers to obtain sensitive information from the database...

File upload vulnerability in phpcms

PHPCMS uses PHP5+MYSQL as the technical basis for development.V9 uses OOP object-oriented approach to build the basic operational framework. A file upload vulnerability exists in phpcms, which can be exploited by attackers to gain control of the web server...

PHPCMS suffers from a file upload vulnerability (CNVD-2019-30562)

PHPCMS is a web content management system based on PHP and Mysql architecture. A file upload vulnerability exists in PHPCMS, which can be exploited by attackers to gain control of a web server...

PHPCMS has a file upload vulnerability

PHPCMS is a web content management system based on PHP and Mysql architecture. A file upload vulnerability exists in PHPCMS, which can be exploited by attackers to gain control of a web server...

PHPCMS 2008 type.php Code Injection (CVE-2018-19127)

A code injection vulnerability exists in PHPCMS 2008. An attacker could write arbitrary content to a website cache file with a controllable filename. Successful exploitation of this vulnerability could lead to arbitrary code execution...

CVE-2019-10027

PHPCMS 9.6.x through 9.6.3 has XSS via the mailbox aka E-mail field on the personal information screen...

Code injection

PHPCMS 9.6.x through 9.6.3 has XSS via the mailbox aka E-mail field on the personal information screen...

CVE-2019-10027

PHPCMS 9.6.x–9.6.3 is affected by a cross-site scripting (XSS) vulnerability in the mailbox (E-mail) field on the personal information screen. The root cause is described as XSS, but the provided documents do not specify the exact vulnerable code path, affected components, or versions beyond 9.6....