Known Vulnerabilities for products from Phpwcms
Listed below are 17 of the newest known vulnerabilities associated with the vendor "Phpwcms".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2025-5497 json | A vulnerability was detected in slackero phpwcms up to 1.9.45/1.10.8. The impacted element is an unknown function of the file... | Not Provided | 2025-06-03 | 2026-04-29 |
| CVE-2021-36426 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2023-02-03 | 2023-02-10 |
| CVE-2021-36425 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.4 - MEDIUM | 2023-02-03 | 2023-02-10 |
| CVE-2021-36424 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2023-02-03 | 2023-02-10 |
| CVE-2021-4302 json | A vulnerability was found in slackero phpwcms up to 1.9.26. It has been classified as problematic. This affects an unknown pa... | 6.1 - MEDIUM | 2023-01-04 | 2023-11-16 |
| CVE-2021-4301 json | A vulnerability was found in slackero phpwcms up to 1.9.26 and classified as critical. Affected by this issue is some unknown... | 9.8 - CRITICAL | 2023-01-07 | 2023-11-07 |
| CVE-2020-21784 json | phpwcms 1.9.13 is vulnerable to Code Injection via /phpwcms/setup/setup.php. | 9.8 - CRITICAL | 2021-06-24 | 2022-09-29 |
| CVE-2020-19855 json | phpwcms v1.9 contains a cross-site scripting (XSS) vulnerability in /image_zoom.php. | 6.1 - MEDIUM | 2021-09-08 | 2021-09-10 |
| CVE-2018-12990 json | phpwcms 1.8.9 allows remote attackers to discover the installation path via an invalid csrf_token_value field. | 5.3 - MEDIUM | 2018-06-30 | 2018-08-28 |
| CVE-2017-15872 json | phpwcms 1.8.9 has XSS in include/inc_tmpl/admin.edituser.tmpl.php and include/inc_tmpl/admin.newuser.tmpl.php via the usernam... | Not Provided | 2017-10-24 | 2025-04-20 |
| CVE-2011-3789 json | phpwcms 1.4.7 r412 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals... | Not Provided | 2011-09-24 | 2026-04-29 |
| CVE-2006-7019 json | phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via crafted arguments to... | Not Provided | 2007-02-15 | 2026-04-23 |
| CVE-2006-6886 json | phpwcms 1.2.5-DEV allows remote attackers to obtain sensitive information via a direct request for (1) files.public-userroot.... | Not Provided | 2006-12-31 | 2026-04-23 |
| CVE-2006-2519 json | Directory traversal vulnerability in include/inc_ext/spaw/spaw_control.class.php in phpwcms 1.2.5-DEV allows remote attackers... | 2.6 - LOW | 2006-05-22 | 2018-10-18 |
| CVE-2006-2518 json | Cross-site scripting (XSS) vulnerability in phpwcms 1.2.5-DEV allows remote attackers to inject arbitrary web script or HTML ... | 2.6 - LOW | 2006-05-22 | 2018-10-18 |
| CVE-2005-3790 json | Multiple cross-site scripting (XSS) vulnerabilities in act_newsletter.php in phpwcms 1.2.5 allow remote attackers to inject a... | Not Provided | 2005-11-24 | 2025-04-03 |
| CVE-2005-3789 json | Multiple directory traversal vulnerabilities in phpwcms 1.2.5 allow remote attackers to read arbitrary files via a .. (dot do... | Not Provided | 2005-11-24 | 2025-04-03 |
Known software with vulnerabilities from Phpwcms
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Phpwcms | Phpwcms | 1.5.3 |