Product
phpcms
21 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-25960
CVE-2025-25958
CVE-2021-40910
CVE-2022-26613
CVE-2020-18263
CVE-2020-22203
CVE-2020-22201
CVE-2020-22200
CVE-2020-22199
CVE-2019-10027
CVE-2018-19127
CVE-2018-14940
CVE-2018-14399
CVE-2013-5939
CVE-2011-0645
CVE-2011-0644
CVE-2008-0513
CVE-2006-3019
CVE-2005-1840
CVE-2004-1203
CVE-2004-1202
all versions
Cross Site Scripting vulnerability in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via the menu interface of t
all versions
Cross Site Scripting vulnerabilities in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via a crafted script.
all versions
There is a reflective cross-site scripting (XSS) vulnerability in the PHPCMS V9.6.3 management side.
all versions
PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability via the category parameter in categorymenu.php.
all versions
PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability in the component search.php via the search parameter. This vu
all versions
SQL Injection in phpCMS 2008 sp4 via the genre parameter to yp/job.php.
all versions
phpCMS 2008 sp4 allowas remote malicious users to execute arbitrary php commands via the pagesize parameter to yp/product.php.
all versions
Directory Traversal vulnerability in phpCMS 9.1.13 via the q parameter to public_get_suggest_keyword.
all versions
SQL Injection vulnerability in phpCMS 2007 SP6 build 0805 via the digg_mod parameter to digg_add.php.
>= 9.6.0 and <= 9.6.3
PHPCMS 9.6.x through 9.6.3 has XSS via the mailbox (aka E-mail) field on the personal information screen.
all versions
A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file wit
all versions
PHPCMS 9 allows remote attackers to cause a denial of service (resource consumption) via large font_size, height, and width parame
all versions
libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute arbitrary PHP code via a .txt?.php
all versions
Multiple cross-site scripting (XSS) vulnerabilities in the Guestbook module for PHPCMS allow remote attackers to inject arbitrary
all versions
SQL injection vulnerability in data.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the where_
all versions
SQL injection vulnerability in include/admin/model_field.class.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary
all versions
Directory traversal vulnerability in parser/include/class.cache_phpcms.php in phpCMS 1.2.2 allows remote attackers to read arbitra
all versions
Multiple PHP remote file inclusion vulnerabilities in phpCMS 1.2.1pl2 allow remote attackers to execute arbitrary PHP code via a U
all versions
Directory traversal vulnerability in class.layout_phpcms.php in phpCMS 1.2.x before 1.2.1pl2 allows remote attackers to read or in
all versions
parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to gain sensitive inform
all versions
Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allo