VYPR

Yifang

by Wanglongcn

CVEs (3)

  • CVE-2025-9400MedAug 25, 2025
    risk 0.41cvss 6.3epss 0.00

    A flaw has been found in YiFang CMS up to 2.0.5. This affects the function mergeMultipartUpload of the file app/utils/base/plugin/P_file.php. This manipulation of the argument File causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been…

  • CVE-2025-9399MedAug 25, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was detected in YiFang CMS up to 2.0.5. Affected by this issue is some unknown functionality of the file app/logic/L_tool.php. The manipulation of the argument new_url results in sql injection. The attack may be launched remotely. The exploit is now public and…

  • CVE-2025-11136MedSep 29, 2025
    risk 0.31cvss 4.7epss 0.00

    A flaw has been found in YiFang CMS up to 2.0.2. The impacted element is the function webUploader of the file app/app/controller/File.php of the component Backend. Executing manipulation of the argument uploadpath can lead to unrestricted upload. The attack can be launched…