RSS   Podatności dla 'Phpwcms'   RSS

2021-09-08
 
CVE-2020-19855

CWE-79
 

 
phpwcms v1.9 contains a cross-site scripting (XSS) vulnerability in /image_zoom.php.

 
2021-06-24
 
CVE-2020-21784

CWE-94
 

 
phpwcms 1.9.13 is vulnerable to Code Injection via /phpwcms/setup/setup.php.

 
2018-06-30
 
CVE-2018-12990

CWE-200
 

 
phpwcms 1.8.9 allows remote attackers to discover the installation path via an invalid csrf_token_value field.

 
2017-10-24
 
CVE-2017-15872

CWE-79
 

 
phpwcms 1.8.9 has XSS in include/inc_tmpl/admin.edituser.tmpl.php and include/inc_tmpl/admin.newuser.tmpl.php via the username (aka new_login) field.

 
2007-02-14
 
CVE-2006-7019

 

 
phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via crafted arguments to the (1) text_evento and (2) email_eventonome_evento parameters to phpwcms_code_snippets/mail_file_form.php and sample_ext_php/mail_file_form.php, which is processed by the render_PHPcode function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

 
2006-12-31
 
CVE-2006-6886

CWE-200
 

 
phpwcms 1.2.5-DEV allows remote attackers to obtain sensitive information via a direct request for (1) files.public-userroot.inc.php or (2) files.private.additions.inc.php in include/inc_lib/, which reveals the path in various error messages.

 
2006-05-22
 
CVE-2006-2519

CWE-Other
 

 
Directory traversal vulnerability in include/inc_ext/spaw/spaw_control.class.php in phpwcms 1.2.5-DEV allows remote attackers to include arbitrary local files via .. (dot dot) sequences in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in SPAW Editor PHP Edition.

 
 
CVE-2006-2518

CWE-Other
 

 
Cross-site scripting (XSS) vulnerability in phpwcms 1.2.5-DEV allows remote attackers to inject arbitrary web script or HTML via the BL[be_cnt_plainhtml] parameter to include/inc_tmpl/content/cnt6.inc.php.

 
2005-11-24
 
CVE-2005-3789

 

 
Multiple directory traversal vulnerabilities in phpwcms 1.2.5 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) form_lang parameter in login.php and (2) the imgdir parameter in random_image.php.

 


Copyright 2024, cxsecurity.com

 

Back to Top