VYPR

Phpwcms

by Slackero

Source repositories

CVEs (7)

  • CVE-2018-12990MedJun 30, 2018
    risk 0.35cvss 5.3epss 0.01

    phpwcms 1.8.9 allows remote attackers to discover the installation path via an invalid csrf_token_value field.

  • CVE-2025-5497MedJun 3, 2025
    risk 0.34cvss 6.3epss 0.01

    A vulnerability was detected in slackero phpwcms up to 1.9.45/1.10.8. The impacted element is an unknown function of the file include/inc_module/mod_feedimport/inc/processing.inc.php of the component Feedimport Module. Performing manipulation of the argument cnt_text results in…

  • CVE-2021-47783Jan 15, 2026
    risk 0.00cvss epss 0.00

    Phpwcms 1.9.30 contains a file upload vulnerability that allows authenticated attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG payloads through the multiple file upload feature to potentially execute cross-site scripting attacks…

  • CVE-2025-5499Jun 3, 2025
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical has been found in slackero phpwcms up to 1.9.45/1.10.8. Affected is the function is_file/getimagesize of the file image_resized.php. The manipulation of the argument imgfile leads to deserialization. It is possible to launch the attack…

  • CVE-2025-5498Jun 3, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in slackero phpwcms up to 1.9.45/1.10.8. It has been rated as critical. This issue affects the function file_get_contents/is_file of the file include/inc_lib/content/cnt21.readform.inc.php of the component Custom Source Tab. The manipulation of the…

  • CVE-2021-4301Jan 7, 2023
    risk 0.00cvss epss 0.01

    A vulnerability was found in slackero phpwcms up to 1.9.26 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument $phpwcms['db_prepend'] leads to sql injection. The attack may be launched remotely. Upgrading to version…

  • CVE-2021-4302Jan 4, 2023
    risk 0.00cvss epss 0.01

    A vulnerability was found in slackero phpwcms up to 1.9.26. It has been classified as problematic. This affects an unknown part of the component SVG File Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version…