216 matches found
CVE-2020-19855
phpwcms v1.9 contains a cross-site scripting (XSS) vulnerability in /image_zoom.php...
CVE-2020-19855
CVE-2020-19855 affects phpwcms v1.9 with a cross-site scripting (XSS) vulnerability in /image_zoom.php. Several connected sources confirm the issue and its impact: an attacker could exploit this XSS to obtain an administrator cookie (CNVD/CNNVD entries). The Red Hat, NVD, and CVE listings all des...
phpwcms cross-site scripting vulnerability
phpwcms is a flexible, fast, robust, customer- and developer-friendly and powerful web-based content management system and CMS framework based on PHP and MySQL. phpwcms version 1.9 contains a cross-site scripting vulnerability in /image_zoom.php. An attacker can exploit this vulnerability to obtai...
Forced Browsing in slackero/phpwcms
✍️ Description A malicious actor is able to reveal the list and details of newsletter subscribers. 🕵️♂️ Proof of Concept - Method 1; This method requires a proxy utility, like BurpSuite. - With an administrator user, create some subscribers on the newsletters under CommunicationNewsletter...
SQL Injection in slackero/phpwcms
✍️ Description Data enters a program from an untrusted source 🕵️♂️ Proof of Concept if$result = mysqliquery$db, 'SELECT FROM '. $phpwcms"dbprepend" ? $phpwcms"dbprepend".'' : ''.'phpwcmsuser' 💥 Impact A successful attack may result in the unauthorized viewing of user lists, the deletion of entire...
Cross-site Scripting (XSS) - Stored in slackero/phpwcms
✍️ Description Stored XSS 🕵️♂️ Proof of Concept Please check this 1-minute video https://drive.google.com/file/d/1ycKDrN3ot623c-iYTaJYFNCjxCXChNx1/view?usp=sharing 💥 Impact XSS bug...
Open Redirect in slackero/phpwcms
✍️ Description Session hijacking via open redirection 🕵️♂️ Proof of Concept Steps to reproduce 1. Go to http://your-domain.tld/login.php?ref=http://attackers-domain.tld/? 2. Login to a valid account 3. You will be redirected to...
Arbitrary File Deletion Vulnerability in phpwcms
phpwcms is an open source web content management system. An arbitrary file deletion vulnerability exists in phpwcms, which can be exploited by an attacker to delete files on the server...
File upload vulnerability exists in phpwcms (CNVD-2021-49577)
phpwcms is an open source web content management system. A file upload vulnerability exists in phpwcms, which can be exploited by an attacker to upload a webshell and gain server privileges...
phpwcms code injection vulnerability
phpwcms is an open source Web content management system. It is fast, easy to install and runs on any standard web server platform that supports PHP/MySQL. phpwcms suffers from a code injection vulnerability that can be exploited by attackers via /phpwcms/setup/setup.php...
CVE-2020-21784
phpwcms 1.9.13 is vulnerable to Code Injection via /phpwcms/setup/setup.php...
Code injection
phpwcms 1.9.13 is vulnerable to Code Injection via /phpwcms/setup/setup.php...
CVE-2020-21784
CVE-2020-21784 affects phpwcms 1.9.13 and is described as a Code Injection vulnerability exploitable via the API endpoint /phpwcms/setup/setup.php. The connected sources consistently identify the vulnerable component and path but do not provide concrete exploit steps, affected versions beyond 1.9...
slackero phpwcms code injection vulnerability
phpwcms is an open source Web content management system. It is fast, easy to install and runs on any standard web server platform that supports PHP/MySQL. phpwcms suffers from a code injection vulnerability that can be exploited by attackers via /phpwcms/setup/setup.php...
PT-2021-10662 · Phpcms · Phpcms
Name of the Vulnerable Software and Affected Versions: phpwcms version 1.9.13 Description: The issue allows for Code Injection via the "/phpwcms/setup/setup.php" API endpoint. Recommendations: For phpwcms version 1.9.13, at the moment, there is no information about a newer version that contains a...
Cross-site scripting vulnerability in phpwcms (CNVD-2018-13849)
phpwcms is an open source web content management system. A vulnerability exists in phpwcms version 1.8.9. A remote attacker can obtain the installation path of a website via an invalid cross-site scripting injection value...
CVE-2018-12990
phpwcms 1.8.9 allows remote attackers to discover the installation path via an invalid csrf_token_value field...
Code injection
phpwcms 1.8.9 allows remote attackers to discover the installation path via an invalid csrf_token_value field...