VYPR
Vendor

Yifangcms

Products
2
CVEs
13
Across products
16
Status
Private

Products

2

Recent CVEs

13
  • CVE-2025-9400MedAug 25, 2025
    risk 0.41cvss 6.3epss 0.00

    A flaw has been found in YiFang CMS up to 2.0.5. This affects the function mergeMultipartUpload of the file app/utils/base/plugin/P_file.php. This manipulation of the argument File causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been…

  • CVE-2025-9399MedAug 25, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was detected in YiFang CMS up to 2.0.5. Affected by this issue is some unknown functionality of the file app/logic/L_tool.php. The manipulation of the argument new_url results in sql injection. The attack may be launched remotely. The exploit is now public and…

  • CVE-2025-11136MedSep 29, 2025
    risk 0.31cvss 4.7epss 0.00

    A flaw has been found in YiFang CMS up to 2.0.2. The impacted element is the function webUploader of the file app/app/controller/File.php of the component Backend. Executing manipulation of the argument uploadpath can lead to unrestricted upload. The attack can be launched…

  • CVE-2026-6633LowApr 20, 2026
    risk 0.23cvss 3.5epss 0.00

    A security flaw has been discovered in Yifang CMS up to 2.0.5. The impacted element is the function store of the file plugins/yifang_backend_account/logic/admin/L_rbac_admin.php of the component Extended Management Module. The manipulation of the argument Account results in…

  • CVE-2026-3743LowMar 8, 2026
    risk 0.23cvss 3.5epss 0.00

    A flaw has been found in YiFang CMS 2.0.5. This affects the function update of the file app/db/admin/D_singlePageGroup.php. Executing a manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been…

  • CVE-2026-3742LowMar 8, 2026
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was detected in YiFang CMS 2.0.5. The impacted element is the function update of the file app/db/admin/D_singlePage.php. Performing a manipulation of the argument Title results in cross site scripting. It is possible to initiate the attack remotely. The exploit…

  • CVE-2026-3741LowMar 8, 2026
    risk 0.23cvss 3.5epss 0.00

    A security vulnerability has been detected in YiFang CMS 2.0.5. The affected element is the function update of the file app/db/admin/D_friendLink.php. Such manipulation of the argument linkName leads to cross site scripting. The attack may be performed from remote. The exploit…

  • CVE-2026-2934LowFeb 22, 2026
    risk 0.16cvss 2.4epss 0.00

    A security vulnerability has been detected in YiFang CMS up to 2.0.5. This impacts the function update of the file app/db/admin/D_friendLinkGroup.php of the component Extended Management Module. The manipulation of the argument Name leads to cross site scripting. It is possible…

  • CVE-2026-2933LowFeb 22, 2026
    risk 0.16cvss 2.4epss 0.00

    A weakness has been identified in YiFang CMS up to 2.0.5. This affects the function update of the file app/db/admin/D_adManage.php of the component Extended Management Module. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be…

  • CVE-2026-2932LowFeb 22, 2026
    risk 0.16cvss 2.4epss 0.00

    A security flaw has been discovered in YiFang CMS up to 2.0.5. The impacted element is the function update of the file app/db/admin/D_adPosition.php of the component Extended Management Module. Performing a manipulation of the argument name/index results in cross site scripting.…

  • CVE-2025-9398Aug 24, 2025
    risk 0.00cvss epss 0.00

    A security vulnerability has been detected in YiFang CMS up to 2.0.5. Affected by this vulnerability is the function exportInstallTable of the file app/utils/base/database/Migrate.php. The manipulation leads to information disclosure. The attack may be initiated remotely. The…

  • CVE-2025-5383May 31, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in Yifang CMS up to 2.0.2 and classified as problematic. Affected by this issue is some unknown functionality of the component Article Management Module. The manipulation of the argument Default Value leads to cross site scripting. The attack may be…

  • CVE-2025-45887May 9, 2025
    risk 0.00cvss epss 0.00

    Yifang CMS v2.0.2 is vulnerable to Server-Side Request Forgery (SSRF) in /api/file/getRemoteContent.