Ayacms

ayacms

CVEs (9)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-48116 1Ayacms Project 1Ayacms Mar 28, 2025 Jan 27, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 AyaCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/tpl_edit.inc.php.
CVE-2022-47926 1Ayacms Project 1Ayacms Apr 15, 2025 Dec 22, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 AyaCMS 3.1.2 is vulnerable to file deletion via /aya/module/admin/fst_del.inc.php
CVE-2022-46102 1Ayacms Project 1Ayacms Apr 15, 2025 Dec 22, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 AyaCMS 3.1.2 is vulnerable to Arbitrary file upload via /aya/module/admin/fst_down.inc.php
CVE-2022-46101 1Ayacms Project 1Ayacms Apr 15, 2025 Dec 22, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 AyaCMS v3.1.2 was found to have a code flaw in the ust_sql.inc.php file, which allows attackers to cause command execution by inserting malicious code.
CVE-2022-45550 1Ayacms Project 1Ayacms Apr 23, 2025 Dec 7, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE).
CVE-2022-45548 1Ayacms Project 1Ayacms Apr 23, 2025 Dec 6, 2022 N/A· v4 8.8 HIGH· v3 N/A· v2 AyaCMS v3.1.2 has an Arbitrary File Upload vulnerability.
CVE-2022-43074 1Ayacms Project 1Ayacms May 1, 2025 Nov 10, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 AyaCMS v3.1.2 was discovered to contain an arbitrary file upload vulnerability via the component /admin/fst_upload.inc.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2021-44238 1Ayacms Project 1Ayacms Nov 21, 2024 Mar 1, 2022 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE) via /aya/module/admin/ust_tab_e.inc.php,
CVE-2020-23686 1Ayacms Project 1Ayacms Nov 21, 2024 Nov 2, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross site request forgery (CSRF) vulnerability in AyaCMS 3.1.2 allows attackers to change an administrators password or other unspecified impacts.