CVE-2021-4301

A vulnerability was found in slackero phpwcms up to 1.9.26 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument $phpwcms'dbprepend' leads to sql injection. The attack may be launched remotely. Upgrading to version 1.9.27 is able to...

Sql injection

A vulnerability was found in slackero phpwcms up to 1.9.26 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument $phpwcms'dbprepend' leads to sql injection. The attack may be launched remotely. Upgrading to version 1.9.27 is able to...

CVE-2021-4301 slackero phpwcms sql injection

A vulnerability was found in slackero phpwcms up to 1.9.26 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument $phpwcms'dbprepend' leads to sql injection. The attack may be launched remotely. Upgrading to version 1.9.27 is able to...

CVE-2021-4301

The CVE-2021-4301 entry affects slackero phpwcms (versions up to 1.9.26). The root cause is SQL injection triggered by manipulating the PHP variable phpwcms['db_prepend']. Impact is SQL injection with remote attack potential on affected installations. A fix is available in phpwcms 1.9.27, with th...

PT-2023-12405 · Phpcms · Phpcms

Name of the Vulnerable Software and Affected Versions: slackero phpwcms versions 1.9.26 and earlier Description: A critical issue was found in the software, affecting some unknown functionality. The manipulation of the argument $phpwcms'db prepend' leads to SQL injection. The attack can be launch...

phpwcms SQL注入漏洞

phpwcms is a website management system that follows the GNU open source protocol and utilizes PHP+MYSQL architecture for development. A SQL injection vulnerability exists in versions of Phpwcms before 1.9.26. An attacker can exploit this vulnerability to perform SQL injection and steal data, etc...

CVE-2021-4302

A vulnerability was found in slackero phpwcms up to 1.9.26. It has been classified as problematic. This affects an unknown part of the component SVG File Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.9.27 is able to...

CVE-2021-4302

A vulnerability was found in slackero phpwcms up to 1.9.26. It has been classified as problematic. This affects an unknown part of the component SVG File Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.9.27 is able to...

Cross site scripting

A vulnerability was found in slackero phpwcms up to 1.9.26. It has been classified as problematic. This affects an unknown part of the component SVG File Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.9.27 is able to...

CVE-2021-4302 slackero phpwcms SVG File cross site scripting

A vulnerability was found in slackero phpwcms up to 1.9.26. It has been classified as problematic. This affects an unknown part of the component SVG File Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.9.27 is able to...

CVE-2021-4302

The CVE-2021-4302 issue affects slackero phpwcms versions up to 1.9.26, specifically the SVG File Handler. The vulnerability enables cross-site scripting and can be triggered remotely. Root cause details are not fully disclosed in the provided documents, but the documented mitigation is to upgrad...

CVE-2021-4302 slackero phpwcms SVG File cross site scripting

A vulnerability was found in slackero phpwcms up to 1.9.26. It has been classified as problematic. This affects an unknown part of the component SVG File Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.9.27 is able to...

phpwcms 跨站脚本漏洞

phpwcms is an open source web content management system. It is fast, easy to install and runs on any standard web server platform that supports PHP/MySQL. A cross-site scripting vulnerability exists in versions prior to phpwcms 1.9.26, which stems from an unknown portion of the component SVG file...

PT-2023-12406 · Slackero · Phpcms

Name of the Vulnerable Software and Affected Versions: slackero phpwcms versions up to 1.9.26 Description: A vulnerability was found in the SVG File Handler component of slackero phpwcms, which can be exploited to lead to cross site scripting. The manipulation can be initiated remotely...

Phpwcms 1.9.30 Cross Site Scripting

Exploit Title: Phpwcms 1.9.30 - File Upload to XSS Date: 30/9/2021 Exploit Author: Okan Kurtulus | okankurtulus.com.tr Software Link: http://www.phpwcms.org/ Version: 1.9.30 Tested on: Ubuntu 16.04 Steps: 1- You need to login to the system. http://target.com/phpwcms/login.php 2- Creating payload...

Phpwcms 1.9.30 - File Upload to XSS Vulnerability

Exploit Title: Phpwcms 1.9.30 - File Upload to XSS Exploit Author: Okan Kurtulus | okankurtulus.com.tr Software Link: http://www.phpwcms.org/ Version: 1.9.30 Tested on: Ubuntu 16.04 Steps: 1- You need to login to the system. http://target.com/phpwcms/login.php 2- Creating payload with SVG...

CVE-2020-19855

phpwcms v1.9 contains a cross-site scripting XSS vulnerability in /imagezoom.php...

CVE-2020-19855

phpwcms v1.9 contains a cross-site scripting XSS vulnerability in /imagezoom.php...

Cross site scripting

phpwcms v1.9 contains a cross-site scripting XSS vulnerability in /imagezoom.php...

phpwcms Cross-Site Scripting Vulnerability (CNVD-2021-93900)

phpwcms is a flexible, fast, robust, customer- and developer-friendly and powerful web-based content management system and cms framework based on PHP and MySQL. phpwcms version 1.9 contains a cross-site scripting vulnerability in /imagezoom.php. An attacker can exploit this vulnerability to obtai...