Phpcms Security Vulnerabilities


CVE-2018-14399

libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute arbitrary PHP code via a .txt?.php#.jpg URI in the SRC attribute of an IMG element within info[content] JSON data to the index.php?m=member&c=index&a=register...

9.8 CVSS

9.6 AI Score

0.005 EPSS

2018-07-19 05:29 AM

CVE-2021-40910

There is a reflective cross-site scripting (XSS) vulnerability in the PHPCMS V9.6.3 management...

6.1 CVSS

5.9 AI Score

0.001 EPSS

2022-06-15 04:15 PM

CVE-2020-22203

SQL Injection in phpCMS 2008 sp4 via the genre parameter to...

9.8 CVSS

9.7 AI Score

0.002 EPSS

2021-06-16 06:15 PM

CVE-2020-22201

phpCMS 2008 sp4 allows remote malicious users to execute arbitrary PHP commands via the pagesize parameter to...

8.8 CVSS

8.9 AI Score

0.001 EPSS

2021-06-16 05:15 PM

CVE-2020-22199

SQL Injection vulnerability in phpCMS 2007 SP6 build 0805 via the digg_mod parameter to...

9.8 CVSS

9.7 AI Score

0.002 EPSS

2021-06-16 05:15 PM

CVE-2020-22200

Directory Traversal vulnerability in phpCMS 9.1.13 via the q parameter to...

5.3 CVSS

5.2 AI Score

0.001 EPSS

2021-06-16 05:15 PM

CVE-2019-10027

PHPCMS 9.6.x through 9.6.3 has XSS via the mailbox (aka E-mail) field on the personal information...

4.8 CVSS

4.8 AI Score

0.001 EPSS

2019-03-25 12:29 AM

CVE-2018-19127

A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via the template parameter, and is written to a data/cache_template/*.tpl.php file.....

9.8 CVSS

9.7 AI Score

0.792 EPSS

2018-11-09 12:29 PM

CVE-2018-14940

PHPCMS 9 allows remote attackers to cause a denial of service (resource consumption) via large font_size, height, and width parameters in an api.php?op=checkcode...

7.5 CVSS

7.4 AI Score

0.002 EPSS

2018-08-05 06:29 PM

CVE-2013-5939

Multiple cross-site scripting (XSS) vulnerabilities in the Guestbook module for PHPCMS allow remote attackers to inject arbitrary web script or HTML via the (1) list or (2) introduce parameter to...

5.9 AI Score

0.002 EPSS

2014-05-14 07:55 PM

CVE-2011-0644

SQL injection vulnerability in include/admin/model_field.class.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the modelid parameter to...

8.7 AI Score

0.002 EPSS

2011-01-25 07:00 PM

CVE-2011-0645

SQL injection vulnerability in data.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the where_time parameter in a get...

8.6 AI Score

0.001 EPSS

2011-01-25 07:00 PM

CVE-2008-0513

Directory traversal vulnerability in parser/include/class.cache_phpcms.php in phpCMS 1.2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to parser/parser.php, as demonstrated by a filename ending with %00.gif, a different vector than...

6.6 AI Score

0.015 EPSS

2008-01-31 08:00 PM

CVE-2006-3019

Multiple PHP remote file inclusion vulnerabilities in phpCMS 1.2.1pl2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPCMS_INCLUDEPATH parameter to files in parser/include/ including (1) class.parser_phpcms.php, (2) class.session_phpcms.php, (3) class.edit_phpcms.php, (4)...

8 AI Score

0.437 EPSS

2006-06-15 10:02 AM

CVE-2005-1840

Directory traversal vulnerability in class.layout_phpcms.php in phpCMS 1.2.x before 1.2.1pl2 allows remote attackers to read or include arbitrary files, as demonstrated using a .. (dot dot) in the language parameter to...

6.7 AI Score

0.007 EPSS

2005-06-02 04:00 AM

CVE-2004-1203

parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to gain sensitive information via an invalid file parameter, which reveals the web server's installation...

7 AI Score

0.008 EPSS

2005-01-10 05:00 AM

CVE-2004-1202

Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to inject arbitrary web script or HTML via the file...

5.7 AI Score

0.689 EPSS

2005-01-10 05:00 AM