VYPR

Chyrp Lite

by Chyrp

Source repositories

CVEs (3)

  • CVE-2026-35174CriApr 6, 2026
    risk 0.59cvss 9.1epss 0.01

    Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, a path traversal vulnerability exists in the administration console that allows an administrator or a user with Change Settings permission to change the uploads path to any folder. This vulnerability allows…

  • CVE-2017-1000008HigJul 17, 2017
    risk 0.57cvss 8.8epss 0.01

    Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user settings function allowing attackers to hijack the authentication of logged in users to modify account information, including their password.

  • CVE-2026-35173MedApr 6, 2026
    risk 0.42cvss 6.5epss 0.00

    Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, an IDOR / Mass Assignment issue exists in the Post model that allows authenticated users with post editing permissions (Edit Post, Edit Draft, Edit Own Post, Edit Own Draft) to modify posts they do not own and…