Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Phpcms Subscribe
Filtered by product Phpcms
Total 13 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-22201 1 Phpcms 1 Phpcms 2022-09-29 6.5 MEDIUM 8.8 HIGH
phpCMS 2008 sp4 allowas remote malicious users to execute arbitrary php commands via the pagesize parameter to yp/product.php.
CVE-2021-40910 1 Phpcms 1 Phpcms 2022-06-23 4.3 MEDIUM 6.1 MEDIUM
There is a reflective cross-site scripting (XSS) vulnerability in the PHPCMS V9.6.3 management side.
CVE-2020-22203 1 Phpcms 1 Phpcms 2021-06-21 7.5 HIGH 9.8 CRITICAL
SQL Injection in phpCMS 2008 sp4 via the genre parameter to yp/job.php.
CVE-2020-22199 1 Phpcms 1 Phpcms 2021-06-21 7.5 HIGH 9.8 CRITICAL
SQL Injection vulnerability in phpCMS 2007 SP6 build 0805 via the digg_mod parameter to digg_add.php.
CVE-2020-22200 1 Phpcms 1 Phpcms 2021-06-17 5.0 MEDIUM 5.3 MEDIUM
Directory Traversal vulnerability in phpCMS 9.1.13 via the q parameter to public_get_suggest_keyword.
CVE-2018-14940 1 Phpcms 1 Phpcms 2019-10-02 5.0 MEDIUM 7.5 HIGH
PHPCMS 9 allows remote attackers to cause a denial of service (resource consumption) via large font_size, height, and width parameters in an api.php?op=checkcode request.
CVE-2019-10027 1 Phpcms 1 Phpcms 2019-03-26 3.5 LOW 4.8 MEDIUM
PHPCMS 9.6.x through 9.6.3 has XSS via the mailbox (aka E-mail) field on the personal information screen.
CVE-2018-19127 1 Phpcms 1 Phpcms 2019-02-04 7.5 HIGH 9.8 CRITICAL
A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via the template parameter, and is written to a data/cache_template/*.tpl.php file along with a "<?php function " substring.
CVE-2006-3019 1 Phpcms 1 Phpcms 2018-10-18 7.5 HIGH N/A
Multiple PHP remote file inclusion vulnerabilities in phpCMS 1.2.1pl2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPCMS_INCLUDEPATH parameter to files in parser/include/ including (1) class.parser_phpcms.php, (2) class.session_phpcms.php, (3) class.edit_phpcms.php, (4) class.http_indexer_phpcms.php, (5) class.cache_phpcms.php, (6) class.search_phpcms.php, (7) class.lib_indexer_universal_phpcms.php, and (8) class.layout_phpcms.php, (9) parser/plugs/counter.php, and (10) parser/parser.php. NOTE: the class.cache_phpcms.php vector was also reported to affect 1.1.7.
CVE-2008-0513 1 Phpcms 1 Phpcms 2018-10-15 7.8 HIGH N/A
Directory traversal vulnerability in parser/include/class.cache_phpcms.php in phpCMS 1.2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to parser/parser.php, as demonstrated by a filename ending with %00.gif, a different vector than CVE-2005-1840.
CVE-2004-1202 1 Phpcms 1 Phpcms 2017-07-10 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to inject arbitrary web script or HTML via the file parameter.
CVE-2004-1203 1 Phpcms 1 Phpcms 2017-07-10 5.0 MEDIUM N/A
parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to gain sensitive information via an invalid file parameter, which reveals the web server's installation path.
CVE-2005-1840 1 Phpcms 1 Phpcms 2016-10-17 5.0 MEDIUM N/A
Directory traversal vulnerability in class.layout_phpcms.php in phpCMS 1.2.x before 1.2.1pl2 allows remote attackers to read or include arbitrary files, as demonstrated using a .. (dot dot) in the language parameter to parser.php.