← Back

Yxtcmf

yxtcmf

2 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Yxtcmf
yxtcmf
2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2018-7733
1Yxtcmf
1Yxtcmf
Jun 17, 2026
Mar 6, 2018
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
An issue was discovered in YxtCMF 3.1. RbacController.class.php has CSRF, as demonstrated by modifying an administrator account via index.php/admin/user/add_post.html.
CVE-2018-7732
1Yxtcmf
1Yxtcmf
Jun 17, 2026
Mar 6, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
An issue was discovered in YxtCMF 3.1. SQL Injection exists in ShitiController.class.php via the ids array parameter to exam/shiti/delshiti.html.