Shodan
Vulnerabilities
Vulnerable Software
Phpcms:  Security Vulnerabilities
CVE-2013-5939
Multiple cross-site scripting (XSS) vulnerabilities in the Guestbook module for PHPCMS allow remote attackers to inject arbitrary web script or HTML via the (1) list or (2) introduce parameter to index.php.
CVSS Score
4.3
EPSS Score
0.003
Published
2014-05-14
CVE-2011-0644
SQL injection vulnerability in include/admin/model_field.class.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the modelid parameter to flash_upload.php.
CVSS Score
7.5
EPSS Score
0.002
Published
2011-01-25
CVE-2011-0645
SQL injection vulnerability in data.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the where_time parameter in a get action.
CVSS Score
7.5
EPSS Score
0.001
Published
2011-01-25
CVE-2008-0513
Directory traversal vulnerability in parser/include/class.cache_phpcms.php in phpCMS 1.2.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to parser/parser.php, as demonstrated by a filename ending with %00.gif, a different vector than CVE-2005-1840.
CVSS Score
7.8
EPSS Score
0.058
Published
2008-01-31
CVE-2006-3019
Multiple PHP remote file inclusion vulnerabilities in phpCMS 1.2.1pl2 allow remote attackers to execute arbitrary PHP code via a URL in the PHPCMS_INCLUDEPATH parameter to files in parser/include/ including (1) class.parser_phpcms.php, (2) class.session_phpcms.php, (3) class.edit_phpcms.php, (4) class.http_indexer_phpcms.php, (5) class.cache_phpcms.php, (6) class.search_phpcms.php, (7) class.lib_indexer_universal_phpcms.php, and (8) class.layout_phpcms.php, (9) parser/plugs/counter.php, and (10) parser/parser.php. NOTE: the class.cache_phpcms.php vector was also reported to affect 1.1.7.
CVSS Score
7.5
EPSS Score
0.038
Published
2006-06-15
CVE-2005-1840
Directory traversal vulnerability in class.layout_phpcms.php in phpCMS 1.2.x before 1.2.1pl2 allows remote attackers to read or include arbitrary files, as demonstrated using a .. (dot dot) in the language parameter to parser.php.
CVSS Score
5.0
EPSS Score
0.011
Published
2005-06-02
CVE-2004-1202
Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to inject arbitrary web script or HTML via the file parameter.
CVSS Score
6.8
EPSS Score
0.013
Published
2005-01-10
CVE-2004-1203
parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to gain sensitive information via an invalid file parameter, which reveals the web server's installation path.
CVSS Score
5.0
EPSS Score
0.004
Published
2005-01-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved