Show filters
2 Total Results
Displaying 1-2 of 2
Sort by:
Attacker Value
Unknown
CVE-2018-12990
Disclosure Date: June 30, 2018 (last updated November 26, 2024)
phpwcms 1.8.9 allows remote attackers to discover the installation path via an invalid csrf_token_value field.
0
Attacker Value
Unknown
CVE-2017-15872
Disclosure Date: October 24, 2017 (last updated November 26, 2024)
phpwcms 1.8.9 has XSS in include/inc_tmpl/admin.edituser.tmpl.php and include/inc_tmpl/admin.newuser.tmpl.php via the username (aka new_login) field.
0
