Phpwcms

Phpwcms

19 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2021-47783

Exploit
  • EPSS 0.01%
  • Veröffentlicht 15.01.2026 23:25:38
  • Zuletzt bearbeitet 09.02.2026 14:52:36

Phpwcms 1.9.30 contains a file upload vulnerability that allows authenticated attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG payloads through the multiple file upload feature to potentially execute ...

9.8

CVE-2025-5499

Exploit
  • EPSS 0.39%
  • Veröffentlicht 03.06.2025 13:31:07
  • Zuletzt bearbeitet 20.01.2026 15:46:26

A vulnerability classified as critical has been found in slackero phpwcms up to 1.9.45/1.10.8. Affected is the function is_file/getimagesize of the file image_resized.php. The manipulation of the argument imgfile leads to deserialization. It is possi...

7.2

CVE-2025-5498

Exploit
  • EPSS 0.31%
  • Veröffentlicht 03.06.2025 13:31:05
  • Zuletzt bearbeitet 20.01.2026 15:38:18

A vulnerability was found in slackero phpwcms up to 1.9.45/1.10.8. It has been rated as critical. This issue affects the function file_get_contents/is_file of the file include/inc_lib/content/cnt21.readform.inc.php of the component Custom Source Tab....

9.8

CVE-2025-5497

Exploit
  • EPSS 0.22%
  • Veröffentlicht 03.06.2025 13:00:16
  • Zuletzt bearbeitet 20.08.2025 09:15:28

A vulnerability was detected in slackero phpwcms up to 1.9.45/1.10.8. The impacted element is an unknown function of the file include/inc_module/mod_feedimport/inc/processing.inc.php of the component Feedimport Module. Performing manipulation of the ...

8.8

CVE-2021-36426

Exploit
  • EPSS 0.69%
  • Veröffentlicht 03.02.2023 18:15:09
  • Zuletzt bearbeitet 26.03.2025 18:15:16

File Upload vulnerability in phpwcms 1.9.25 allows remote attackers to run arbitrary code via crafted file upload to include/inc_lib/general.inc.php.

5.4

CVE-2021-36425

Exploit
  • EPSS 1.45%
  • Veröffentlicht 03.02.2023 18:15:09
  • Zuletzt bearbeitet 26.03.2025 18:15:16

Directory traversal vulnerability in phpcms 1.9.25 allows remote attackers to delete arbitrary files via unfiltered $file parameter to unlink method in include/inc_act/act_ftptakeover.php file.

9.8

CVE-2021-36424

Exploit
  • EPSS 0.93%
  • Veröffentlicht 03.02.2023 18:15:09
  • Zuletzt bearbeitet 26.03.2025 18:15:15

An issue discovered in phpwcms 1.9.25 allows remote attackers to run arbitrary code via DB user field during installation.

9.8

CVE-2021-4301

  • EPSS 0.34%
  • Veröffentlicht 07.01.2023 22:15:08
  • Zuletzt bearbeitet 21.11.2024 06:37:21

A vulnerability was found in slackero phpwcms up to 1.9.26 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument $phpwcms['db_prepend'] leads to sql injection. The attack may be launched re...

6.1

CVE-2021-4302

  • EPSS 0.25%
  • Veröffentlicht 04.01.2023 22:15:09
  • Zuletzt bearbeitet 21.11.2024 06:37:21

A vulnerability was found in slackero phpwcms up to 1.9.26. It has been classified as problematic. This affects an unknown part of the component SVG File Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack r...

6.1

CVE-2020-19855

Exploit
  • EPSS 0.24%
  • Veröffentlicht 08.09.2021 00:15:07
  • Zuletzt bearbeitet 21.11.2024 05:09:25

phpwcms v1.9 contains a cross-site scripting (XSS) vulnerability in /image_zoom.php.