phpwcms software vulnerabilities
vulnerabilities.aspcode.net
Searching phpwcms software vulnerabilities
Multiple directory traversal vulnerabilities in
vulnerabilities
|
traversal
|
directory
|
Multiple
|
phpwcms
|
Multiple directory traversal vulnerabilities in phpwcms 1.2.5 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) form_lang parameter in login.php and (2) the imgdir parameter in random_image.php.
Multiple cross-site scripting (XSS) vulnerabili
cross-site
|
scripting
|
Multiple
|
Multiple cross-site scripting (XSS) vulnerabilities in act_newsletter.php in phpwcms 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) i and (2) text parameters.
Cross-site scripting (XSS) vulnerability in php
Cross-site
|
scripting
|
Cross-site scripting (XSS) vulnerability in phpwcms 1.2.5-DEV allows remote attackers to inject arbitrary web script or HTML via the BL[be_cnt_plainhtml] parameter to include/inc_tmpl/content/cnt6.inc.php.
Directory traversal vulnerability in include/in
include/inc_ext/spaw/spaw_controlclassphp
|
vulnerability
|
attackers
|
arbitrary
|
traversal
|
Directory
|
include
|
phpwcms
|
125-DEV
|
allows
|
remote
|
files
|
local
|
via
|
Directory traversal vulnerability in include/inc_ext/spaw/spaw_control.class.php in phpwcms 1.2.5-DEV allows remote attackers to include arbitrary local files via .. (dot dot) sequences in the spaw_root parameter. NOTE: CVE analysis suggests that this issue is actually in SPAW Editor PHP Edition.
phpwcms 1.2.5-DEV allows remote attackers to ob
information
|
sensitive
|
attackers
|
phpwcms
|
125-DEV
|
request
|
direct
|
remote
|
allows
|
obtain
|
via
|
phpwcms 1.2.5-DEV allows remote attackers to obtain sensitive information via a direct request for (1) files.public-userroot.inc.php or (2) files.private.additions.inc.php in include/inc_lib/, which reveals the path in various error messages.
phpwcms 1.2.5-DEV and earlier, and 1.1 before R
arguments
|
arbitrary
|
attackers
|
execute
|
phpwcms
|
125-DEV
|
earlier
|
crafted
|
before
|
allows
|
remote
|
code
|
RC4
|
via
|
phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via crafted arguments to the (1) text_evento and (2) email_eventonome_evento parameters to phpwcms_code_snippets/mail_file_form.php and sample_ext_php/mail_file_form.php, which is processed by the render_PHPcode function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CRLF injection vulnerability in (1) include/inc
vulnerability
|
injection
|
CRLF
|
CRLF injection vulnerability in (1) include/inc_act/act_formmailer.php and possibly (2) sample_ext_php/mail_file_form.php in phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to modify HTTP headers and send spam e-mail via a spoofed HTTP Referer (HTTP_REFERER).
Multiple PHP remote file inclusion vulnerabilit
vulnerabilities
|
inclusion
|
Multiple
|
phpWCMS
|
remote
|
file
|
PHP
|
Multiple PHP remote file inclusion vulnerabilities in phpWCMS XT 0.0.7 BETA and earlier allow remote attackers to execute arbitrary PHP code via a URL in the HTML_MENU_DirPath parameter to (1) config_HTML_MENU.php and (2) config_PHPLM.php in phpwcms_template/inc_script/frontend_render/navigation/.
Software vulnerabilities results 1 to 9 of 9
Page:
1