Rhymix

rhymix

4 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-45242 1Rhymix 1Rhymix Jun 17, 2025 May 5, 2025 N/A· v4 7.7 HIGH· v3 N/A· v2 Rhymix v2.1.22 was discovered to contain an arbitrary file deletion vulnerability via the procFileAdminEditImage method in /file/file.admin.controller.php.
CVE-2024-55089 1Rhymix 1Rhymix Feb 20, 2026 Dec 18, 2024 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Rhymix before 2.1.24 is vulnerable to Server-Side Request Forgery (SSRF) in the background import data function because XML documents may contain external entities.
CVE-2018-19601 1Rhymix 1Rhymix Nov 21, 2024 Jan 3, 2019 N/A· v4 9.1 CRITICAL· v3 6.5 MEDIUM· v2 Rhymix CMS 1.9.8.1 allows SSRF via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload.
CVE-2018-19600 1Rhymix 1Rhymix Nov 21, 2024 Jan 3, 2019 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 Rhymix CMS 1.9.8.1 allows XSS via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload.