Phpcms

phpcms

18 CVEs • 3 products

Products (3)

Click to collapse

Toggle

Guesbook Module

guesbook_module

CVEs (18)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-25960 1Phpcms 1Phpcms Apr 22, 2025 Feb 20, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Cross Site Scripting vulnerability in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via the menu interface of the member center of the background administrator.
CVE-2025-25958 1Phpcms 1Phpcms Apr 22, 2025 Feb 20, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Cross Site Scripting vulnerabilities in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via a crafted script.
CVE-2021-40910 1Phpcms 1Phpcms Nov 21, 2024 Jun 15, 2022 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 There is a reflective cross-site scripting (XSS) vulnerability in the PHPCMS V9.6.3 management side.
CVE-2020-22203 1Phpcms 1Phpcms Nov 21, 2024 Jun 16, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL Injection in phpCMS 2008 sp4 via the genre parameter to yp/job.php.
CVE-2020-22201 1Phpcms 1Phpcms Nov 21, 2024 Jun 16, 2021 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 phpCMS 2008 sp4 allowas remote malicious users to execute arbitrary php commands via the pagesize parameter to yp/product.php.
CVE-2020-22200 1Phpcms 1Phpcms Nov 21, 2024 Jun 16, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 Directory Traversal vulnerability in phpCMS 9.1.13 via the q parameter to public_get_suggest_keyword.
CVE-2020-22199 1Phpcms 1Phpcms Nov 21, 2024 Jun 16, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL Injection vulnerability in phpCMS 2007 SP6 build 0805 via the digg_mod parameter to digg_add.php.
CVE-2019-10027 1Phpcms 1Phpcms Nov 21, 2024 Mar 25, 2019 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 PHPCMS 9.6.x through 9.6.3 has XSS via the mailbox (aka E-mail) field on the personal information screen.
CVE-2018-19127 1Phpcms 1Phpcms Nov 21, 2024 Nov 9, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via t...Show more A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via the template parameter, and is written to a data/cache_template/*.tpl.php file along with a "<?php function " substring.Show less
CVE-2018-14940 1Phpcms 1Phpcms Nov 21, 2024 Aug 5, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 PHPCMS 9 allows remote attackers to cause a denial of service (resource consumption) via large font_size, height, and width parameters in an api.php?op=checkcode request.
CVE-2013-5939 1Phpcms 1Guesbook Module May 6, 2026 May 14, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in the Guestbook module for PHPCMS allow remote attackers to inject arbitrary web script or HTML via the (1) list or (2) introduce parameter to index.php.
CVE-2011-0645 1Phpcms 1Phpcms 2008 Apr 29, 2026 Jan 25, 2011 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in data.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the where_time parameter in a get action.
CVE-2011-0644 1Phpcms 1Phpcms 2008 Apr 29, 2026 Jan 25, 2011 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in include/admin/model_field.class.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the modelid parameter to flash_upload.php.
CVE-2008-0513 1Phpcms 1Phpcms Apr 23, 2026 Jan 31, 2008 N/A· v4 N/A· v3 7.8 HIGH· v2 Directory traversal vulnerability in parser/include/class.cache_phpcms.php in phpCMS 1.2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to parser/parser.php, as demonstrated by...Show more Directory traversal vulnerability in parser/include/class.cache_phpcms.php in phpCMS 1.2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to parser/parser.php, as demonstrated by a filename ending with %00.gif, a different vector than CVE-2005-1840.Show less
CVE-2006-3019 1Phpcms 1Phpcms Apr 16, 2026 Jun 15, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple PHP remote file inclusion vulnerabilities in phpCMS 1.2.1pl2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPCMS_INCLUDEPATH parameter to files in parser/include/ including (1) class.par...Show more Multiple PHP remote file inclusion vulnerabilities in phpCMS 1.2.1pl2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPCMS_INCLUDEPATH parameter to files in parser/include/ including (1) class.parser_phpcms.php, (2) class.session_phpcms.php, (3) class.edit_phpcms.php, (4) class.http_indexer_phpcms.php, (5) class.cache_phpcms.php, (6) class.search_phpcms.php, (7) class.lib_indexer_universal_phpcms.php, and (8) class.layout_phpcms.php, (9) parser/plugs/counter.php, and (10) parser/parser.php. NOTE: the class.cache_phpcms.php vector was also reported to affect 1.1.7.Show less
CVE-2005-1840 1Phpcms 1Phpcms Apr 16, 2026 Jun 2, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Directory traversal vulnerability in class.layout_phpcms.php in phpCMS 1.2.x before 1.2.1pl2 allows remote attackers to read or include arbitrary files, as demonstrated using a .. (dot dot) in the language parameter to p...Show more Directory traversal vulnerability in class.layout_phpcms.php in phpCMS 1.2.x before 1.2.1pl2 allows remote attackers to read or include arbitrary files, as demonstrated using a .. (dot dot) in the language parameter to parser.php.Show less
CVE-2004-1203 1Phpcms 1Phpcms Apr 16, 2026 Jan 10, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to gain sensitive information via an invalid file parameter, which reveals the web server's installation path.
CVE-2004-1202 1Phpcms 1Phpcms Apr 16, 2026 Jan 10, 2005 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to inject arbitrary web script or HTML via the file parameter.