VYPR
Vendor

Yxcms

Products
1
CVEs
5
Across products
5
Status
Private

Products

1

Recent CVEs

5
  • CVE-2018-8761HigMar 19, 2018
    risk 0.49cvss 7.5epss 0.01

    protected\apps\member\controller\shopcarController.php in Yxcms building system (compatible cell phone) v1.4.7 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture.

  • CVE-2018-19404HigNov 21, 2018
    risk 0.47cvss 7.2epss 0.02

    In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.php allow remote authenticated Administrators to execute any PHP code by creating a ZIP archive containing a config.php file, hosting the .zip file at an external URL, and visiting…

  • CVE-2018-11003MedMay 12, 2018
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in YXcms 1.4.7. Cross-site request forgery (CSRF) vulnerability in protected/apps/admin/controller/adminController.php allows remote attackers to delete administrator accounts via index.php?r=admin/admin/admindel.

  • CVE-2018-8805MedMar 20, 2018
    risk 0.40cvss 6.1epss 0.01

    Yxcms building system (compatible cell phone) v1.4.7 has XSS via the content parameter to protected\apps\default\view\default\extend_guestbook.php or protected\apps\default\view\mobile\extend_guestbook.php in an index.php?r=default/column/index&col=guestbook request.

  • CVE-2018-13025MedJun 29, 2018
    risk 0.32cvss 4.9epss 0.01

    protected/apps/admin/controller/photoController.php in YXcms 1.4.7 allows remote attackers to delete arbitrary files via the index.php?r=admin/photo/delpic picname parameter.