CVE-2018-9993

YUNUCMS 1.0.7 has XSS via the content title on an admin/content/addcontent/cid/ page aka a news center page...

CVE-2018-19180

statics/app/index/controller/Install.php in YUNUCMS 1.1.5 if install.lock is not present allows remote attackers to execute arbitrary PHP code by placing this code in the index.php?s=index/install/setup2 DBPREFIX field, which is written to database.php...

EUVD-2019-14916

Malware in sbrugna...

EUVD-2018-10891

Malware in sbrugna...

EUVD-2020-10370

Malware in sbrugna...

EUVD-2018-10441

Malware in sbrugna...

EUVD-2018-9077

Malware in sbrugna...

EUVD-2018-21585

Malware in sbrugna...

EUVD-2018-10437

Malware in sbrugna...

EUVD-2018-10436

Malware in sbrugna...

EUVD-2018-10440

Malware in sbrugna...

EUVD-2018-10438

Malware in sbrugna...

EUVD-2019-14915

Malware in sbrugna...

EUVD-2020-10369

Malware in sbrugna...

EUVD-2018-10439

Malware in sbrugna...

EUVD-2018-10442

Malware in sbrugna...

EUVD-2018-10892

Malware in sbrugna...

CVE-2020-18446

Cross Site Scripting XSS vulnerability exists in YUNUCMS 1.1.9 via the param parameter in the insertContent function in ContentModel.php...

CVE-2020-18445

Cross Site Scripting XSS vulnerability exists in YUNUCMS 1.1.9 via the upurl function in Page.php...

CVE-2018-19181

statics/ueditor/php/vendor/Local.class.php in YUNUCMS 1.1.5 allows arbitrary file deletion via the statics/ueditor/php/controller.php?action=remove key parameter, as demonstrated by using directory traversal to delete the install.lock file...