Yunucms
Products
1- 15 CVEs
Recent CVEs
15| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-19180 | Cri | 0.64 | 9.8 | 0.02 | Nov 11, 2018 | statics/app/index/controller/Install.php in YUNUCMS 1.1.5 (if install.lock is not present) allows remote attackers to execute arbitrary PHP code by placing this code in the index.php?s=index/install/setup2 DB_PREFIX field, which is written to database.php. | ||
| CVE-2018-19181 | Hig | 0.49 | 7.5 | 0.01 | Nov 11, 2018 | statics/ueditor/php/vendor/Local.class.php in YUNUCMS 1.1.5 allows arbitrary file deletion via the statics/ueditor/php/controller.php?action=remove key parameter, as demonstrated by using directory traversal to delete the install.lock file. | ||
| CVE-2020-18445 | Med | 0.40 | 6.1 | 0.01 | Aug 12, 2021 | Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via the upurl function in Page.php. | ||
| CVE-2019-5311 | Med | 0.40 | 6.1 | 0.01 | Jan 4, 2019 | An issue was discovered in YUNUCMS V1.1.8. app/index/controller/Show.php has an XSS vulnerability via the index.php/index/show/index cw parameter. | ||
| CVE-2019-5310 | Med | 0.40 | 6.1 | 0.01 | Jan 4, 2019 | YUNUCMS 1.1.8 has XSS in app/admin/controller/System.php because crafted data can be written to the sys.php file, as demonstrated by site_title in an admin/system/basic POST request. | ||
| CVE-2018-17322 | Med | 0.40 | 6.1 | 0.01 | Sep 22, 2018 | Cross-site scripting (XSS) vulnerability in index.php/index/category/index in YUNUCMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the area parameter. | ||
| CVE-2020-18446 | Med | 0.31 | 4.8 | 0.01 | Aug 12, 2021 | Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via the param parameter in the insertContent function in ContentModel.php. | ||
| CVE-2018-18726 | Med | 0.31 | 4.8 | 0.01 | Oct 29, 2018 | An XSS issue was discovered in admin/sitelink/editsitelink?id=16 in YUNUCMS 1.1.5. | ||
| CVE-2018-18725 | Med | 0.31 | 4.8 | 0.01 | Oct 29, 2018 | An XSS issue was discovered in admin/banner/editbanner?id=20 in YUNUCMS 1.1.5. | ||
| CVE-2018-18724 | Med | 0.31 | 4.8 | 0.01 | Oct 29, 2018 | An XSS issue was discovered in index.php/admin/category/editcategory?id=73 in YUNUCMS 1.1.5. | ||
| CVE-2018-18723 | Med | 0.31 | 4.8 | 0.01 | Oct 29, 2018 | An XSS issue was discovered in index.php/admin/area/editarea/id/110000 in YUNUCMS 1.1.5. | ||
| CVE-2018-18722 | Med | 0.31 | 4.8 | 0.01 | Oct 29, 2018 | An XSS issue was discovered in admin/content/editcontent?id=29&gopage=1 in YUNUCMS 1.1.5. | ||
| CVE-2018-18721 | Med | 0.31 | 4.8 | 0.01 | Oct 29, 2018 | An XSS issue was discovered in admin/link/editlink?id=5 in YUNUCMS 1.1.5. | ||
| CVE-2018-18720 | Med | 0.31 | 4.8 | 0.01 | Oct 29, 2018 | An XSS issue was discovered in index.php/admin/system/basic in YUNUCMS 1.1.5. | ||
| CVE-2018-9993 | Med | 0.31 | 4.8 | 0.01 | Apr 10, 2018 | YUNUCMS 1.0.7 has XSS via the content title on an admin/content/addcontent/cid/## page (aka a news center page). |
- risk 0.64cvss 9.8epss 0.02
statics/app/index/controller/Install.php in YUNUCMS 1.1.5 (if install.lock is not present) allows remote attackers to execute arbitrary PHP code by placing this code in the index.php?s=index/install/setup2 DB_PREFIX field, which is written to database.php.
- risk 0.49cvss 7.5epss 0.01
statics/ueditor/php/vendor/Local.class.php in YUNUCMS 1.1.5 allows arbitrary file deletion via the statics/ueditor/php/controller.php?action=remove key parameter, as demonstrated by using directory traversal to delete the install.lock file.
- risk 0.40cvss 6.1epss 0.01
Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via the upurl function in Page.php.
- risk 0.40cvss 6.1epss 0.01
An issue was discovered in YUNUCMS V1.1.8. app/index/controller/Show.php has an XSS vulnerability via the index.php/index/show/index cw parameter.
- risk 0.40cvss 6.1epss 0.01
YUNUCMS 1.1.8 has XSS in app/admin/controller/System.php because crafted data can be written to the sys.php file, as demonstrated by site_title in an admin/system/basic POST request.
- risk 0.40cvss 6.1epss 0.01
Cross-site scripting (XSS) vulnerability in index.php/index/category/index in YUNUCMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the area parameter.
- risk 0.31cvss 4.8epss 0.01
Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via the param parameter in the insertContent function in ContentModel.php.
- risk 0.31cvss 4.8epss 0.01
An XSS issue was discovered in admin/sitelink/editsitelink?id=16 in YUNUCMS 1.1.5.
- risk 0.31cvss 4.8epss 0.01
An XSS issue was discovered in admin/banner/editbanner?id=20 in YUNUCMS 1.1.5.
- risk 0.31cvss 4.8epss 0.01
An XSS issue was discovered in index.php/admin/category/editcategory?id=73 in YUNUCMS 1.1.5.
- risk 0.31cvss 4.8epss 0.01
An XSS issue was discovered in index.php/admin/area/editarea/id/110000 in YUNUCMS 1.1.5.
- risk 0.31cvss 4.8epss 0.01
An XSS issue was discovered in admin/content/editcontent?id=29&gopage=1 in YUNUCMS 1.1.5.
- risk 0.31cvss 4.8epss 0.01
An XSS issue was discovered in admin/link/editlink?id=5 in YUNUCMS 1.1.5.
- risk 0.31cvss 4.8epss 0.01
An XSS issue was discovered in index.php/admin/system/basic in YUNUCMS 1.1.5.
- risk 0.31cvss 4.8epss 0.01
YUNUCMS 1.0.7 has XSS via the content title on an admin/content/addcontent/cid/## page (aka a news center page).