Youke365
Products
1- 4 CVEs
Recent CVEs
4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-18242 | Cri | 0.64 | 9.8 | 0.01 | Oct 11, 2018 | youke365 v1.1.5 has SQL injection via admin/login.html, as demonstrated by username=admin&pass=123456&code=9823&act=login&submit=%E7%99%BB+%E9%99%86. | ||
| CVE-2018-18215 | Hig | 0.57 | 8.8 | 0.00 | Oct 11, 2018 | In youke365 v1.1.5, admin/user.html has a CSRF vulnerability that can add an user account. | ||
| CVE-2024-0304 | Med | 0.41 | 6.3 | 0.01 | Jan 8, 2024 | A vulnerability has been found in Youke365 up to 1.5.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /app/api/controller/collect.php. The manipulation of the argument url leads to server-side request forgery. The attack can be… | ||
| CVE-2024-0303 | Med | 0.41 | 6.3 | 0.01 | Jan 8, 2024 | A vulnerability, which was classified as critical, was found in Youke365 up to 1.5.3. Affected is an unknown function of the file /app/api/controller/caiji.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. It is… |
- risk 0.64cvss 9.8epss 0.01
youke365 v1.1.5 has SQL injection via admin/login.html, as demonstrated by username=admin&pass=123456&code=9823&act=login&submit=%E7%99%BB+%E9%99%86.
- risk 0.57cvss 8.8epss 0.00
In youke365 v1.1.5, admin/user.html has a CSRF vulnerability that can add an user account.
- risk 0.41cvss 6.3epss 0.01
A vulnerability has been found in Youke365 up to 1.5.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /app/api/controller/collect.php. The manipulation of the argument url leads to server-side request forgery. The attack can be…
- risk 0.41cvss 6.3epss 0.01
A vulnerability, which was classified as critical, was found in Youke365 up to 1.5.3. Affected is an unknown function of the file /app/api/controller/caiji.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. It is…