Rhymix
by Rhymix
Source repositories
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-19601 | Cri | 0.59 | 9.1 | 0.01 | Jan 3, 2019 | Rhymix CMS 1.9.8.1 allows SSRF via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload. | ||
| CVE-2025-45242 | Hig | 0.50 | 7.7 | 0.00 | May 5, 2025 | Rhymix v2.1.22 was discovered to contain an arbitrary file deletion vulnerability via the procFileAdminEditImage method in /file/file.admin.controller.php. | ||
| CVE-2018-19600 | Med | 0.31 | 4.8 | 0.01 | Jan 3, 2019 | Rhymix CMS 1.9.8.1 allows XSS via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload. | ||
| CVE-2024-55089 | Med | 0.00 | 4.1 | 0.00 | Dec 18, 2024 | Rhymix before 2.1.24 is vulnerable to Server-Side Request Forgery (SSRF) in the background import data function because XML documents may contain external entities. |
- risk 0.59cvss 9.1epss 0.01
Rhymix CMS 1.9.8.1 allows SSRF via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload.
- risk 0.50cvss 7.7epss 0.00
Rhymix v2.1.22 was discovered to contain an arbitrary file deletion vulnerability via the procFileAdminEditImage method in /file/file.admin.controller.php.
- risk 0.31cvss 4.8epss 0.01
Rhymix CMS 1.9.8.1 allows XSS via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload.
- risk 0.00cvss 4.1epss 0.00
Rhymix before 2.1.24 is vulnerable to Server-Side Request Forgery (SSRF) in the background import data function because XML documents may contain external entities.