
CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

phpwcms v1.9 contains a cross-site scripting (XSS) vulnerability in /image_zoom.php. • https://github.com/p1g3/CVE_REQUEST/blob/master/PHPWCMS%20V1.9%20XSS.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

phpwcms 1.9.13 is vulnerable to Code Injection via /phpwcms/setup/setup.php. • https://cwe.mitre.org/data/definitions/96.html https://github.com/slackero/phpwcms/issues/286 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

phpwcms 1.8.9 allows remote attackers to discover the installation path via an invalid csrf_token_value field. • https://3xpl01tc0d3r.blogspot.com/2018/06/information-disclosure-internal-path.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

phpwcms 1.8.9 has XSS in include/inc_tmpl/admin.edituser.tmpl.php and include/inc_tmpl/admin.newuser.tmpl.php via the username (aka new_login) field. • https://github.com/slackero/phpwcms/commit/62c7c4a7a7de5effa0a82c89e77e53795a82e11d https://github.com/slackero/phpwcms/commit/90ee94a474b37919161f8112f9e36c53ad70492f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

phpwcms 1.4.7 r412 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by template/inc_script/frontend_render/disabled/majonavi.php and certain other files. • http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/phpwcms-1.4.7r412 http://www.openwall.com/lists/oss-security/2011/06/27/6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor