Phpyun
Products
1- 5 CVEs
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-54724 | Cri | 0.64 | 9.8 | 0.01 | Jan 9, 2025 | PHPYun before 7.0.2 is vulnerable to code execution through backdoor-restricted arbitrary file writing and file inclusion. | ||
| CVE-2020-23768 | Hig | 0.49 | 7.5 | 0.01 | May 21, 2021 | An information disclosure vulnerability was discovered in alipay_function.php in the log file of Alibaba payment interface on PHPPYUN prior to version 5.0.1. If exploited, this vulnerability will allow attackers to obtain users' personally identifiable information including… | ||
| CVE-2018-18713 | Hig | 0.49 | 7.5 | 0.02 | Oct 29, 2018 | The function down_sql_action() in /admin/model/database.class.php in PHPYun 4.6 allows remote attackers to read arbitrary files via directory traversal in an m=database&c=down_sql&name=../ URI. | ||
| CVE-2018-18626 | Hig | 0.49 | 7.5 | 0.01 | Oct 23, 2018 | An issue was discovered in PHPYun V4.6. There is a vulnerability that can delete any file or directory via the "admin/index.php?m=database&c=del" sql parameter because del_action() in admin/model/database.class.php mishandles this parameter. | ||
| CVE-2010-4796 | 0.00 | — | 0.01 | Apr 27, 2011 | Multiple SQL injection vulnerabilities in PHPYun 1.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) provinceid parameter to search.php and the (2) e parameter to resumeview.php. |
- risk 0.64cvss 9.8epss 0.01
PHPYun before 7.0.2 is vulnerable to code execution through backdoor-restricted arbitrary file writing and file inclusion.
- risk 0.49cvss 7.5epss 0.01
An information disclosure vulnerability was discovered in alipay_function.php in the log file of Alibaba payment interface on PHPPYUN prior to version 5.0.1. If exploited, this vulnerability will allow attackers to obtain users' personally identifiable information including…
- risk 0.49cvss 7.5epss 0.02
The function down_sql_action() in /admin/model/database.class.php in PHPYun 4.6 allows remote attackers to read arbitrary files via directory traversal in an m=database&c=down_sql&name=../ URI.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in PHPYun V4.6. There is a vulnerability that can delete any file or directory via the "admin/index.php?m=database&c=del" sql parameter because del_action() in admin/model/database.class.php mishandles this parameter.
- CVE-2010-4796Apr 27, 2011risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in PHPYun 1.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) provinceid parameter to search.php and the (2) e parameter to resumeview.php.