Lucene search
+L

59 matches found

CNVD
CNVD
added 2021/02/03 12:0 a.m.24 views

YCCMS file upload vulnerability

Yccms is a Php-based lightweight CMS builder from the Yccms team. yccms 3.3 has a file upload vulnerability, which stems from an error in the xhUp function's determination of request parameters and can be exploited by attackers to cause remote code execution...

9.8CVSS4.3AI score0.02827EPSS
Exploits1References1
CNVD
CNVD
added 2021/02/03 12:0 a.m.14 views

YCCMS path traversal vulnerability

YCCMS is a Php-based lightweight CMS builder from the Yccms team. YCCMS 3.3 has a path traversal vulnerability, which stems from an error in the judgment of request parameters by the delete, deletesite, and deleteAll functions. No detailed vulnerability details are available...

7.5CVSS2.5AI score0.0133EPSS
Exploits1References1
OSV
OSV
added 2021/02/01 6:15 p.m.3 views

CVE-2020-20290

Directory traversal vulnerability in the yccms 3.3 project. The delete, deletesite, and deleteAll functions' improper judgment of the request parameters, triggers a directory traversal vulnerability...

7.5CVSS7.1AI score0.0133EPSS
Exploits1References1
NVD
NVD
added 2021/02/01 6:15 p.m.24 views

CVE-2020-20290

Directory traversal vulnerability in the yccms 3.3 project. The delete, deletesite, and deleteAll functions' improper judgment of the request parameters, triggers a directory traversal vulnerability...

7.5CVSS7.6AI score0.0133EPSS
Exploits1References1
NVD
NVD
added 2021/02/01 6:15 p.m.21 views

CVE-2020-20287

Unrestricted file upload vulnerability in the yccms 3.3 project. The xhUp function's improper judgment of the request parameters, triggers remote code execution...

9.8CVSS9.9AI score0.02827EPSS
Exploits1References2
OSV
OSV
added 2021/02/01 6:15 p.m.3 views

CVE-2020-20287

Unrestricted file upload vulnerability in the yccms 3.3 project. The xhUp function's improper judgment of the request parameters, triggers remote code execution...

9.8CVSS6AI score0.02827EPSS
Exploits1References2
NVD
NVD
added 2021/02/01 6:15 p.m.13 views

CVE-2020-20289

Sql injection vulnerability in the yccms 3.3 project. The notop function's improper judgment of the request parameters, triggers a sql injection vulnerability...

9.8CVSS9.6AI score0.01133EPSS
Exploits1References2
OSV
OSV
added 2021/02/01 6:15 p.m.5 views

CVE-2020-20289

Sql injection vulnerability in the yccms 3.3 project. The notop function's improper judgment of the request parameters, triggers a sql injection vulnerability...

9.8CVSS7.3AI score0.01133EPSS
Exploits1References2
Prion
Prion
added 2021/02/01 6:15 p.m.21 views

Unrestricted file upload

Unrestricted file upload vulnerability in the yccms 3.3 project. The xhUp function's improper judgment of the request parameters, triggers remote code execution...

7.5CVSS9.7AI score0.02827EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2021/02/01 6:15 p.m.24 views

Sql injection

Sql injection vulnerability in the yccms 3.3 project. The notop function's improper judgment of the request parameters, triggers a sql injection vulnerability...

7.5CVSS9.4AI score0.01133EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2021/02/01 5:38 p.m.50 views

CVE-2020-20287

CVE-2020-20287 affects the yccms 3.3 project, with an unrestricted file upload vulnerability in the internal xhUp function caused by its improper judgment of request parameters. This can lead to remote code execution. Exploitation details are not fully provided in the initial documents, but multi...

9.8CVSS9.8AI score0.02827EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/02/01 5:38 p.m.25 views

CVE-2020-20287

Unrestricted file upload vulnerability in the yccms 3.3 project. The xhUp function's improper judgment of the request parameters, triggers remote code execution...

9.9AI score0.02827EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/02/01 5:38 p.m.18 views

CVE-2020-20289

Sql injection vulnerability in the yccms 3.3 project. The notop function's improper judgment of the request parameters, triggers a sql injection vulnerability...

9.6AI score0.01133EPSS
Exploits1References2
CVE
CVE
added 2021/02/01 5:38 p.m.53 views

CVE-2020-20289

CVE-2020-20289 affects yccms version 3.3, with the vulnerability in the no_top (no top) function where improper judgment of request parameters enables SQL injection. This is documented in PT-2021-10472, which describes how the issue arises from parameter handling and suggests a temporary workarou...

9.8CVSS9.5AI score0.01133EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/02/01 5:38 p.m.20 views

CVE-2020-20290

Directory traversal vulnerability in the yccms 3.3 project. The delete, deletesite, and deleteAll functions' improper judgment of the request parameters, triggers a directory traversal vulnerability...

7.6AI score0.0133EPSS
Exploits1References1
CVE
CVE
added 2021/02/01 5:38 p.m.50 views

CVE-2020-20290

CVE-2020-20290 affects YCCMS 3.3. The issue is a directory traversal vulnerability caused by improper judgment of request parameters in the delete, deletesite, and deleteAll functions. This can allow unauthorized access to filesystem paths via crafted requests. Multiple sources (NVD, Red Hat advi...

7.5CVSS7.5AI score0.0133EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2021/02/01 12:0 a.m.7 views

PT-2021-10472 · Yccms · Yccms

Name of the Vulnerable Software and Affected Versions: yccms version 3.3 Description: The issue arises from the no top function's improper judgment of the request parameters, leading to a sql injection vulnerability. This allows for potential exploitation by manipulating request parameters...

9.8CVSS9.7AI score0.01133EPSS
Exploits1References5
CNNVD
CNNVD
added 2021/02/01 12:0 a.m.7 views

yccms project 路径遍历漏洞

YCCMS is a Php-based lightweight CMS builder from the Yccms team. YCCMS 3.3 has a path traversal vulnerability, which stems from an error in the judgment of request parameters by the delete, deletesite, and deleteAll functions. No detailed vulnerability details are available...

7.5CVSS7.1AI score0.0133EPSS
Exploits1References2
CNNVD
CNNVD
added 2021/02/01 12:0 a.m.9 views

yccms 代码问题漏洞

Yccms is a Php-based lightweight CMS builder from the Yccms team. yccms 3.3 has a file upload vulnerability, which stems from an error in the xhUp function's determination of request parameters and can be exploited by attackers to cause remote code execution...

9.8CVSS7.6AI score0.02827EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2021/02/01 12:0 a.m.7 views

PT-2021-10471 · Yccms · Yccms

Name of the Vulnerable Software and Affected Versions: yccms version 3.3 Description: The issue is related to an unrestricted file upload vulnerability. It is caused by the xhUp function's improper judgment of the request parameters, which can trigger remote code execution. Recommendations: For...

9.8CVSS9.7AI score0.02827EPSS
Exploits1References5
Rows per page
Query Builder