371 matches found
CVE-2019-10027
PHPCMS 9.6.x through 9.6.3 has XSS via the mailbox (aka E-mail) field on the personal information screen...
PHPCMS has an XSS vulnerability
PHPCMS is a web content management system based on PHP and MySQL architecture. An XSS vulnerability exists in PHPCMS. An attacker can exploit the vulnerability to obtain sensitive information such as user cookies...
Code Execution Vulnerability in PHPCMS 2008 sp4 System
PHPCMS is a web content management system based on PHP and MySQL architecture. A code execution vulnerability exists in PHPCMS 2008 sp4. An attacker can exploit this vulnerability to execute arbitrary code...
PHPCMS Code Injection Vulnerability
PHPCMS is a website content management system based on PHP and MySQL architecture, which includes modules such as news, pictures, downloads, information and products. A code injection vulnerability exists in PHPCMS 2008, which can be exploited to write arbitrary content to the website cache and...
CVE-2018-19127
A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via the template parameter, and is written to a data/cache_template/*.tpl.php file...
Code injection
A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via the template parameter, and is written to a data/cache_template/*.tpl.php file...
CVE-2018-19127
A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via the template parameter, and is written to a data/cache_template/*.tpl.php file...
CVE-2018-19127
PHPCMS 2008 is affected by CVE-2018-19127 due to an unauthenticated remote code execution via template injection in /type.php. Attacker-supplied content is written to a PHP template cache file under data/cache_template/*.tpl.php, appended with a "
CVE-2018-19127
A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via the template parameter, and is written to a data/cache_template/*.tpl.php file...
CVE-2018-14940
PHPCMS 9 allows remote attackers to cause a denial of service (resource consumption) via large font_size, height, and width parameters in an api.php?op=checkcode request...
Cross-site request forgery (CSRF)
PHPCMS 9 allows remote attackers to cause a denial of service (resource consumption) via large font_size, height, and width parameters in an api.php?op=checkcode request...
CVE-2018-14940
PHPCMS 9 is affected by CVE-2018-14940 where remote attackers can trigger a denial of service by sending oversized font_size, height, and width values to api.php?op=checkcode. The connected sources reiterate the same description and CVSS data (NVD), with no concrete remediation details provided i...
CVE-2018-14940
PHPCMS 9 allows remote attackers to cause a denial of service (resource consumption) via large font_size, height, and width parameters in an api.php?op=checkcode request...
Design/Logic Flaw
libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute arbitrary PHP code via a .txt?.php#.jpg URI in the SRC attribute of an IMG element within info[content] JSON data to the index.php?m=member&c=index&a=register URI...
CVE-2018-14399
libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute arbitrary PHP code via a .txt?.php#.jpg URI in the SRC attribute of an IMG element within info[content] JSON data to the index.php?m=member&c=index&a=register URI...
CVE-2018-14399
libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute arbitrary PHP code via a .txt?.php#.jpg URI in the SRC attribute of an IMG element within info[content] JSON data to the index.php?m=member&c=index&a=register URI...
CVE-2018-14399
libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute arbitrary PHP code via a .txt?.php#.jpg URI in the SRC attribute of an IMG element within info[content] JSON data to the index.php?m=member&c=index&a=register URI...
CVE-2018-14399
PHPCMS 9.6.0 is affected. The flaw exists in libs\classes\attachment.class.php and allows remote attackers to upload and execute arbitrary PHP code by sending a crafted .txt?.php#.jpg URI in the SRC attribute of an IMG element within info[content] JSON data directed to index.php?m=member&c=index&...
PHPCMS backend has a SQL injection vulnerability
PHPCMS is a web content management system based on PHP and MySQL architecture. The system includes modules such as news, pictures, downloads, information and products. A SQL injection vulnerability exists in the page phpcms/modules/pay/payment.php in the backend of PHPCMS, which can be exploited ...
cmsPoc - A CMS Exploit Framework
A CMS Exploit Framework. Requirements python2.7 Works on Linux, Windows Usage usage: cmspoc.py -h -t TYPE -s SCRIPT -u URL optional arguments: -h, --help show this help message and exit -t TYPE, --type TYPE e.g.,phpcms -s SCRIPT, --script SCRIPT Select script -u URL, --url URL Input a target url...