Phpwcms Security Vulnerabilities and Issues — Phpwcms CVE List

Lucene search

PhpwcmsPhpwcms

5 matches found

CVE•added 2023/02/03 6:15 p.m.•47 views

CVE-2021-36425

Directory traversal vulnerability in phpcms 1.9.25 allows remote attackers to delete arbitrary files via unfiltered $file parameter to unlink method in include/inc_act/act_ftptakeover.php file.

5.4CVSS5.5AI score0.00407EPSS

CVE•added 2011/09/24 12:55 a.m.•46 views

CVE-2011-3789

phpwcms 1.4.7 r412 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by template/inc_script/frontend_render/disabled/majonavi.php and certain other files.

5CVSS6.3AI score0.00283EPSS

CVE•added 2005/11/24 11:3 a.m.•40 views

CVE-2005-3789

Multiple directory traversal vulnerabilities in phpwcms 1.2.5 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) form_lang parameter in login.php and (2) the imgdir parameter in random_image.php.

5CVSS6.9AI score0.04783EPSS

CVE•added 2007/01/05 11:0 a.m.•34 views

CVE-2006-6886

phpwcms 1.2.5-DEV allows remote attackers to obtain sensitive information via a direct request for (1) files.public-userroot.inc.php or (2) files.private.additions.inc.php in include/inc_lib/, which reveals the path in various error messages.

5CVSS6.6AI score0.00597EPSS

CVE•added 2018/06/30 2:29 p.m.•34 views

CVE-2018-12990

phpwcms 1.8.9 allows remote attackers to discover the installation path via an invalid csrf_token_value field.

5.3CVSS5.3AI score0.00244EPSS