Slackero
Products
1- 7 CVEs
Recent CVEs
7| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-12990 | Med | 0.35 | 5.3 | 0.01 | Jun 30, 2018 | phpwcms 1.8.9 allows remote attackers to discover the installation path via an invalid csrf_token_value field. | ||
| CVE-2025-5497 | Med | 0.34 | 6.3 | 0.01 | Jun 3, 2025 | A vulnerability was detected in slackero phpwcms up to 1.9.45/1.10.8. The impacted element is an unknown function of the file include/inc_module/mod_feedimport/inc/processing.inc.php of the component Feedimport Module. Performing manipulation of the argument cnt_text results in… | ||
| CVE-2021-47783 | 0.00 | — | 0.00 | Jan 15, 2026 | Phpwcms 1.9.30 contains a file upload vulnerability that allows authenticated attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG payloads through the multiple file upload feature to potentially execute cross-site scripting attacks… | |||
| CVE-2025-5499 | 0.00 | — | 0.01 | Jun 3, 2025 | A vulnerability classified as critical has been found in slackero phpwcms up to 1.9.45/1.10.8. Affected is the function is_file/getimagesize of the file image_resized.php. The manipulation of the argument imgfile leads to deserialization. It is possible to launch the attack… | |||
| CVE-2025-5498 | 0.00 | — | 0.00 | Jun 3, 2025 | A vulnerability was found in slackero phpwcms up to 1.9.45/1.10.8. It has been rated as critical. This issue affects the function file_get_contents/is_file of the file include/inc_lib/content/cnt21.readform.inc.php of the component Custom Source Tab. The manipulation of the… | |||
| CVE-2021-4301 | 0.00 | — | 0.01 | Jan 7, 2023 | A vulnerability was found in slackero phpwcms up to 1.9.26 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument $phpwcms['db_prepend'] leads to sql injection. The attack may be launched remotely. Upgrading to version… | |||
| CVE-2021-4302 | 0.00 | — | 0.01 | Jan 4, 2023 | A vulnerability was found in slackero phpwcms up to 1.9.26. It has been classified as problematic. This affects an unknown part of the component SVG File Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version… |
- risk 0.35cvss 5.3epss 0.01
phpwcms 1.8.9 allows remote attackers to discover the installation path via an invalid csrf_token_value field.
- risk 0.34cvss 6.3epss 0.01
A vulnerability was detected in slackero phpwcms up to 1.9.45/1.10.8. The impacted element is an unknown function of the file include/inc_module/mod_feedimport/inc/processing.inc.php of the component Feedimport Module. Performing manipulation of the argument cnt_text results in…
- CVE-2021-47783Jan 15, 2026risk 0.00cvss —epss 0.00
Phpwcms 1.9.30 contains a file upload vulnerability that allows authenticated attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG payloads through the multiple file upload feature to potentially execute cross-site scripting attacks…
- CVE-2025-5499Jun 3, 2025risk 0.00cvss —epss 0.01
A vulnerability classified as critical has been found in slackero phpwcms up to 1.9.45/1.10.8. Affected is the function is_file/getimagesize of the file image_resized.php. The manipulation of the argument imgfile leads to deserialization. It is possible to launch the attack…
- CVE-2025-5498Jun 3, 2025risk 0.00cvss —epss 0.00
A vulnerability was found in slackero phpwcms up to 1.9.45/1.10.8. It has been rated as critical. This issue affects the function file_get_contents/is_file of the file include/inc_lib/content/cnt21.readform.inc.php of the component Custom Source Tab. The manipulation of the…
- CVE-2021-4301Jan 7, 2023risk 0.00cvss —epss 0.01
A vulnerability was found in slackero phpwcms up to 1.9.26 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument $phpwcms['db_prepend'] leads to sql injection. The attack may be launched remotely. Upgrading to version…
- CVE-2021-4302Jan 4, 2023risk 0.00cvss —epss 0.01
A vulnerability was found in slackero phpwcms up to 1.9.26. It has been classified as problematic. This affects an unknown part of the component SVG File Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version…