CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-22203
https://notcve.org/view.php?id=CVE-2020-22203
16 Jun 2021 — SQL Injection in phpCMS 2008 sp4 via the genre parameter to yp/job.php. Unainyección SQL en phpCMS versión 2008 sp4 por medio del parámetro genre en el archivo yp/job.php • https://github.com/blindkey/cve_like/issues/6 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-22201
https://notcve.org/view.php?id=CVE-2020-22201
16 Jun 2021 — phpCMS 2008 sp4 allowas remote malicious users to execute arbitrary php commands via the pagesize parameter to yp/product.php. phpCMS versión 2008 sp4, permite a usuarios remotos maliciosos ejecutar comandos php arbitrarios por medio del parámetro pagesize del archivo yp/product.php • https://cwe.mitre.org/data/definitions/95.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 81%CPEs: 1EXPL: 1CVE-2018-19127
https://notcve.org/view.php?id=CVE-2018-19127
09 Nov 2018 — A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via the template parameter, and is written to a data/cache_template/*.tpl.php file along with a "