Yeager Cms

yeager_cms

Vendor: Yeager • 5 CVEs

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2015-7567 1Yeager 1Yeager Cms Nov 21, 2024 Feb 18, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL injection vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary SQL commands via the "passwordreset&token" parameter.
CVE-2015-7571 1Yeager 1Yeager Cms May 13, 2026 Aug 7, 2017 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension.
CVE-2015-7570 1Yeager 1Yeager Cms May 13, 2026 Apr 24, 2017 N/A· v4 7.2 HIGH· v3 6.4 MEDIUM· v2 Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote attackers to trigger outbound requests and enumerate open ports via the dbhost parameter to libs/org/adodb_lite/tests/test_adod...Show more Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote attackers to trigger outbound requests and enumerate open ports via the dbhost parameter to libs/org/adodb_lite/tests/test_adodb_lite.php, libs/org/adodb_lite/tests/test_datadictionary.php, or libs/org/adodb_lite/tests/test_adodb_lite_sessions.php.Show less
CVE-2015-7569 1Yeager 1Yeager Cms May 13, 2026 Apr 24, 2017 N/A· v4 8.8 HIGH· v3 7.5 HIGH· v2 SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedir_orderby" parameter.
CVE-2015-7568 1Yeager 1Yeager Cms May 13, 2026 Apr 24, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote attackers to change the account credentials of known users via the "userEmail" parameter.