CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4 matches found

CNVD•added 2018/07/02 12:0 a.m.•2 views

Cross-site scripting vulnerability in phpwcms (CNVD-2018-13849)

phpwcms is an open source web content management system. A vulnerability exists in phpwcms version 1.8.9. A remote attacker can obtain the installation path of a website via an invalid cross-site scripting injection value...

5.3CVSS5.5AI score0.00244EPSS

Exploits1References1

Prion•added 2018/06/30 2:29 p.m.•10 views

Code injection

phpwcms 1.8.9 allows remote attackers to discover the installation path via an invalid csrftokenvalue field...

5CVSS5.4AI score0.00244EPSS

Exploits1References1Affected Software1

OSV•added 2018/06/30 2:29 p.m.•16 views

CVE-2018-12990

phpwcms 1.8.9 allows remote attackers to discover the installation path via an invalid csrftokenvalue field...

5.3CVSS7.2AI score

Exploits0References1

Prion•added 2017/10/24 8:29 p.m.•8 views

Design/Logic Flaw

phpwcms 1.8.9 has XSS in include/inctmpl/admin.edituser.tmpl.php and include/inctmpl/admin.newuser.tmpl.php via the username aka newlogin field...

3.5CVSS4.9AI score0.00219EPSS

Exploits0References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by