CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Feb 2025 — Cross Site Scripting vulnerabilities in phpcmsv9 v.9.6.3 allow a remote attacker to escalate privileges via a crafted script. • https://github.com/Abel-Lan/phpcms/issues/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Feb 2025 — Cross Site Scripting vulnerability in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via the menu interface of the member center of the background administrator. • https://github.com/Abel-Lan/phpcms/issues/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

15 Jun 2022 — There is a reflective cross-site scripting (XSS) vulnerability in the PHPCMS V9.6.3 management side. • https://gitee.com/phpcms/phpcms/issues/I493K8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

16 Jun 2021 — SQL Injection in phpCMS 2008 sp4 via the genre parameter to yp/job.php. • https://github.com/blindkey/cve_like/issues/6 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

16 Jun 2021 — phpCMS 2008 sp4 allows remote malicious users to execute arbitrary PHP commands via the pagesize parameter to yp/product.php. • https://cwe.mitre.org/data/definitions/95.html • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

16 Jun 2021 — Directory Traversal vulnerability in phpCMS 9.1.13 via the q parameter to public_get_suggest_keyword. • https://github.com/blindkey/cve_like/issues/2 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

16 Jun 2021 — SQL Injection vulnerability in phpCMS 2007 SP6 build 0805 via the digg_mod parameter to digg_add.php. • https://github.com/blindkey/cve_like/issues/1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

24 Mar 2019 — PHPCMS 9.6.x through 9.6.3 has XSS via the mailbox (aka E-mail) field on the personal information screen. • https://github.com/sharemice/phpcms_xss/blob/master/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 81% • CPEs: 1 • EXPL: 1

09 Nov 2018 — A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via the template parameter, and is written to a data/cache_template/*.tpl.php file along with a "

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

05 Aug 2018 — PHPCMS 9 allows remote attackers to cause a denial of service (resource consumption) via large font_size, height, and width parameters in an api.php?op=checkcode request. • https://github.com/m0us3Sun/PHPCMS-v9/issues/1 • CWE-400: Uncontrolled Resource Consumption