Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:phpems:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorN/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78)
ProductPhpems (3cd7243a-5649-52e9-a535-761c71f84350)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-1353 vulnerable 2026-06-08 06:25:39.878192 PHPEMS index.api.php index deserialization
MEDIUM (6.3)
A vulnerability, which was classified as critical, has been found in PHPEMS up to 1.0. Affected by this issue is the function index of the file app/weixin/controller/index.api.php. The manipulation of the argument picurl leads to deserialization. The exploit has been disclosed to the public and may be used. VDB-253226 is the identifier assigned to this vulnerability.
Published: 2024-02-09T00:31:06.389Z
Updated: 2025-05-08T18:27:24.611Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-6654 vulnerable 2026-06-08 06:21:55.220059 PHPEMS Session Data session.cls.php deserialization
MEDIUM (6.3)
A vulnerability classified as critical was found in PHPEMS 6.x/7.x/8.x/9.0. Affected by this vulnerability is an unknown functionality in the library lib/session.cls.php of the component Session Data Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247357 was assigned to this vulnerability.
Published: 2023-12-10T15:00:05.030Z
Updated: 2024-08-28T15:18:27.567Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-6472 vulnerable 2026-06-08 06:19:47.443021 PHPEMS Content Section api.cls.php cross site scripting
LOW (2.4)
A vulnerability, which was classified as problematic, has been found in PHPEMS 7.0. This issue affects some unknown processing of the file app\content\cls\api.cls.php of the component Content Section Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-246629 was assigned to this vulnerability.
Published: 2023-12-02T18:31:03.772Z
Updated: 2024-08-02T08:28:21.802Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.