216 matches found
CVE-2018-12990
phpwcms 1.8.9 allows remote attackers to discover the installation path via an invalid csrf_token_value field...
CVE-2018-12990
CVE-2018-12990 affects phpwcms 1.8.9. A remote attacker can disclose the installation path via an invalid csrf_token_value field, an information-disclosure issue arising from the csrf_token handling. Several sources (NVD/CNVD entries and related databases) describe phpwcms 1.8.9 as vulnerable to ...
phpwcms Cross-Site Scripting Vulnerability
phpwcms is a flexible, fast, robust, customer and developer friendly and powerful web-based content management system and cms framework based on PHP and MySQL. A cross-site scripting vulnerability exists in include/inc_tmpl/admin.edituser.tmpl.php and include/inc_tmpl/admin.newuser.tmpl.php in...
CVE-2017-15872
phpwcms 1.8.9 has XSS in include/inc_tmpl/admin.edituser.tmpl.php and include/inc_tmpl/admin.newuser.tmpl.php via the username (aka new_login) field...
Design/Logic Flaw
phpwcms 1.8.9 has XSS in include/inc_tmpl/admin.edituser.tmpl.php and include/inc_tmpl/admin.newuser.tmpl.php via the username (aka new_login) field...
CVE-2017-15872
CVE-2017-15872 affects phpwcms 1.8.9 with a cross-site scripting (XSS) vulnerability in include/inc_tmpl/admin.edituser.tmpl.php and include/inc_tmpl/admin.newuser.tmpl.php, exploitable via the username (new_login) field. The affected components are these two admin templates; the underlying cause...
phpwcms 1.7.9 - Multiple Vulnerabilities
Exploit for php platform in category web applications phpwcms 1.7.9 Code Execution and Cross Site Request Forgery Vulnerabilities Overview phpwcms allows the upload of files with dangerous type, which leads to code execution. Additionally, it allows registered users who are not admins to use PHP...
phpwcms 1.7.9 Cross Site Request Forgery
Security Advisory - Curesec Research Team 1. Introduction Affected Product: phpwcms 1.7.9; Fixed in: 1.8.0 RC1; Fixed Version Link: https://github.com/slackero/phpwcms/archive/phpwcms-1.8.0-RC1.zip; Vendor Website: http://www.phpwcms.de/; Vulnerability Type: CSRF; Remote Exploitable: Yes; Reported to...
phpwcms 1.7.9 Code Execution
Security Advisory - Curesec Research Team 1. Introduction Affected Product: phpwcms 1.7.9; Fixed in: 1.8.0 RC1; Fixed Version Link: https://github.com/slackero/phpwcms/archive/phpwcms-1.8.0-RC1.zip; Vendor Website: http://www.phpwcms.de/; Vulnerability Type: Code Execution; Remote Exploitable: Yes;...
PHPWCMS 1.5.4 Cross Site Request Forgery
Affected software: phpwcms; Type of vulnerability: csrf; URL: http://www.opensourcecms.com/demo/2/54/phpwcms; Discovered by: provensec; Website: provensec.com; Version: 1.5.4. Proof of concept: no csrf protections were used on directory creation page ...
PHPWCMS 1.2.5 -DEV Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register from urlparse import urljoin class TestPOCPOCBase: vulID = 'SSV-80148' vul ID version = '1' author = 'fenghh' vulDate =...
phpwcms 1.2.5 -DEV login.php form_lang Parameter Traversal Arbitrary File Access
No description provided by source. source: http://www.securityfocus.com/bid/15436/info phpWCMS is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to obtain sensitive information tha...
phpwcms 1.2.5 -DEV random_image.php imgdir Parameter Traversal Arbitrary File Access
No description provided by source. source: http://www.securityfocus.com/bid/15436/info phpWCMS is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to obtain sensitive information tha...
phpwcms <= 1.2.6 (Cookie: wcs_user_lang) Local File Include Exploit
No description provided by source.
phpwcms <= 1.1-RC4 (spaw) Remote File Include Vulnerability
No description provided by source. PhpwCMS 1.2.6 = Multiple Remote file inclusion vulnerabilities Discovered by : |/| . .. | || ||| | | Vuln In : include $spawroot.'class/lang.class.php'; Affected Files : include/incext/spaw/dialogs/table.php include/incext/spaw/dialogs/a.php...
PHPWCMS 1.4.5 r398 Cross Site Request Forgery Vulnerability
No description provided by source. ?php / Exploit Title: PHPWCMS Cross-Site Request Forgery Vulnerability Date: 06/16/2010 Author: Jeremiah Talamantes Software Link: http://phpwcms.googlecode.com/files/phpwcmsr398.zip Version: 1.4.5 r398 Tested on: WinXP SP2 EN on WAMP 2.0 CVE: N/A Jeremiah...
phpwcms 'preg_replace()' Multiple Remote PHP Code Injection Vulnerabilities - vulnerability warning - the black bar safety net
phpwcms is an open source content management system. The implementation of phpwcms 1.5.4.6 and other versions contains multiple code injection vulnerabilities; an authenticated remote attacker can use a "backend user", "admin user", "backend user" account to exploit these...