Yifang

yifang

Vendor: Wanglongcn • 7 CVEs

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-11136 1Wanglongcn 1Yifang Apr 29, 2026 Sep 29, 2025 2.0 LOW· v4 7.2 HIGH· v3 5.8 MEDIUM· v2 A flaw has been found in YiFang CMS up to 2.0.2. The impacted element is the function webUploader of the file app/app/controller/File.php of the component Backend. Executing manipulation of the argument uploadpath can le...Show more A flaw has been found in YiFang CMS up to 2.0.2. The impacted element is the function webUploader of the file app/app/controller/File.php of the component Backend. Executing manipulation of the argument uploadpath can lead to unrestricted upload. The attack can be launched remotely. The exploit has been published and may be used.Show less
CVE-2025-9400 1Wanglongcn 1Yifang Apr 29, 2026 Aug 25, 2025 2.1 LOW· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A flaw has been found in YiFang CMS up to 2.0.5. This affects the function mergeMultipartUpload of the file app/utils/base/plugin/P_file.php. This manipulation of the argument File causes unrestricted upload. Remote expl...Show more A flaw has been found in YiFang CMS up to 2.0.5. This affects the function mergeMultipartUpload of the file app/utils/base/plugin/P_file.php. This manipulation of the argument File causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2025-9399 1Wanglongcn 1Yifang Apr 29, 2026 Aug 25, 2025 2.1 LOW· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability was detected in YiFang CMS up to 2.0.5. Affected by this issue is some unknown functionality of the file app/logic/L_tool.php. The manipulation of the argument new_url results in sql injection. The attack...Show more A vulnerability was detected in YiFang CMS up to 2.0.5. Affected by this issue is some unknown functionality of the file app/logic/L_tool.php. The manipulation of the argument new_url results in sql injection. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2025-9398 1Wanglongcn 1Yifang Dec 11, 2025 Aug 25, 2025 5.5 MEDIUM· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A security vulnerability has been detected in YiFang CMS up to 2.0.5. Affected by this vulnerability is the function exportInstallTable of the file app/utils/base/database/Migrate.php. The manipulation leads to informati...Show more A security vulnerability has been detected in YiFang CMS up to 2.0.5. Affected by this vulnerability is the function exportInstallTable of the file app/utils/base/database/Migrate.php. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2025-5383 1Wanglongcn 1Yifang Jun 9, 2025 May 31, 2025 4.8 MEDIUM· v4 4.8 MEDIUM· v3 3.3 LOW· v2 A vulnerability was found in Yifang CMS up to 2.0.2 and classified as problematic. Affected by this issue is some unknown functionality of the component Article Management Module. The manipulation of the argument Default...Show more A vulnerability was found in Yifang CMS up to 2.0.2 and classified as problematic. Affected by this issue is some unknown functionality of the component Article Management Module. The manipulation of the argument Default Value leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-5381 1Wanglongcn 1Yifang Jun 9, 2025 May 31, 2025 5.1 MEDIUM· v4 7.2 HIGH· v3 3.3 LOW· v2 A vulnerability, which was classified as problematic, was found in Yifang CMS up to 2.0.2. Affected is the function downloadFile of the file /api/File/downloadFile of the component Admin Panel. The manipulation of the ar...Show more A vulnerability, which was classified as problematic, was found in Yifang CMS up to 2.0.2. Affected is the function downloadFile of the file /api/File/downloadFile of the component Admin Panel. The manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-45887 1Wanglongcn 1Yifang Jun 12, 2025 May 9, 2025 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Yifang CMS v2.0.2 is vulnerable to Server-Side Request Forgery (SSRF) in /api/file/getRemoteContent.