VYPR

YxtCMF

by YxtCMF

CVEs (2)

  • CVE-2018-7732CriMar 6, 2018
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in YxtCMF 3.1. SQL Injection exists in ShitiController.class.php via the ids array parameter to exam/shiti/delshiti.html.

  • CVE-2018-7733HigMar 6, 2018
    risk 0.57cvss 8.8epss 0.00

    An issue was discovered in YxtCMF 3.1. RbacController.class.php has CSRF, as demonstrated by modifying an administrator account via index.php/admin/user/add_post.html.