Phpwcms
CVE-2018-12990
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
phpwcms 1.8.9 allows remote attackers to discover the installation path via an invalid csrf_token_value field.
AnalysisAI
phpwcms 1.8.9 allows remote attackers to discover the installation path via an invalid csrf_token_value field. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. phpwcms 1.8.9 allows remote attackers to discover the installation path via an invalid csrf_token_value field. Affected products include: Phpwcms.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.
Critical remote code execution vulnerability in slackero phpwcms affecting versions up to 1.9.45 and 1.10.8. The vulnera
A vulnerability was found in slackero phpwcms up to 1.9.45/1.10.8. It has been rated as critical. This issue affects the
Phpwcms versions up to 1.9.30 is affected by unrestricted upload of file with dangerous type (CVSS 5.4).
phpwcms 1.8.9 has XSS in include/inc_tmpl/admin.edituser.tmpl.php and include/inc_tmpl/admin.newuser.tmpl.php via the us
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today