Yzmcms

yzmcms

47 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (47)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-10223 1Yzmcms 1Yzmcms Nov 21, 2024 Apr 19, 2018 N/A· v4 6.8 MEDIUM· v3 6.0 MEDIUM· v2 An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability that can add an admin account via /index.php/admin/admin_manage/add.html.
CVE-2018-10026 1Yzmcms 1Yzmcms Nov 21, 2024 Apr 11, 2018 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 The WeChat module in YzmCMS 3.7.1 has reflected XSS via the admin/module/init.html echostr parameter, related to the valid function in application/wechat/controller/index.class.php.
CVE-2018-8756 1Yzmcms 1Yzmcms Nov 21, 2024 Mar 18, 2018 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 Eval injection in yzmphp/core/function/global.func.php in YzmCMS v3.7.1 allows remote attackers to achieve arbitrary code execution via PHP code in the POST data of an index.php?m=member&c=member_content&a=init request.
CVE-2018-8078 1Yzmcms 1Yzmcms Nov 21, 2024 Mar 13, 2018 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 YzmCMS 3.7 has Stored XSS via the title parameter to advertisement/adver/edit.html.
CVE-2018-7653 1Yzmcms 1Yzmcms Nov 21, 2024 Mar 4, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter.
CVE-2018-7579 1Yzmcms 1Yzmcms Nov 21, 2024 Mar 1, 2018 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 \application\admin\controller\update_urls.class.php in YzmCMS 3.6 has SQL Injection via the catids array parameter to admin/update_urls/update_category_url.html.
CVE-2018-7479 1Yzmcms 1Yzmcms Nov 21, 2024 Feb 26, 2018 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 YzmCMS 3.6 allows remote attackers to discover the full path via a direct request to application/install/templates/s1.php.