VYPR
Vendor

Wanglongcn

Products
2
CVEs
7
Across products
7
Status
Private

Products

2

Recent CVEs

7
  • CVE-2025-9400MedAug 25, 2025
    risk 0.41cvss 6.3epss 0.00

    A flaw has been found in YiFang CMS up to 2.0.5. This affects the function mergeMultipartUpload of the file app/utils/base/plugin/P_file.php. This manipulation of the argument File causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been…

  • CVE-2025-9399MedAug 25, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was detected in YiFang CMS up to 2.0.5. Affected by this issue is some unknown functionality of the file app/logic/L_tool.php. The manipulation of the argument new_url results in sql injection. The attack may be launched remotely. The exploit is now public and…

  • CVE-2025-11136MedSep 29, 2025
    risk 0.31cvss 4.7epss 0.00

    A flaw has been found in YiFang CMS up to 2.0.2. The impacted element is the function webUploader of the file app/app/controller/File.php of the component Backend. Executing manipulation of the argument uploadpath can lead to unrestricted upload. The attack can be launched…

  • CVE-2024-7743Aug 13, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in wanglongcn ltcms 1.0.20. It has been declared as critical. Affected by this vulnerability is the function downloadUrl of the file /api/file/downloadUrl of the component API Endpoint. The manipulation of the argument file leads to server-side request…

  • CVE-2024-7742Aug 13, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in wanglongcn ltcms 1.0.20. It has been classified as critical. Affected is the function multiDownload of the file /api/file/multiDownload of the component API Endpoint. The manipulation of the argument file leads to server-side request forgery. It is…

  • CVE-2024-7741Aug 13, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in wanglongcn ltcms 1.0.20 and classified as critical. This issue affects the function downloadFile of the file /api/file/downloadfile of the component API Endpoint. The manipulation of the argument file leads to path traversal. The attack may be…

  • CVE-2024-7740Aug 13, 2024
    risk 0.00cvss epss 0.01

    A vulnerability has been found in wanglongcn ltcms 1.0.20 and classified as critical. This vulnerability affects the function download of the file /api/test/download of the component API Endpoint. The manipulation of the argument url leads to server-side request forgery. The…