Lucene search
K

15 matches found

Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.9 views

PT-2026-33755

A security flaw has been discovered in Yifang CMS up to 2.0.5. The impacted element is the function store of the file plugins/yifang backend account/logic/admin/L rbac admin.php of the component Extended Management Module. The manipulation of the argument Account results in cross site scripting...

5.1CVSS4.1AI score0.00253EPSS
Exploits0References5
CVE
CVE
added 2026/03/08 3:2 p.m.23 views

CVE-2026-3742

Affected software: YiFang CMS 2.0.5. The vulnerability resides in the function update of the file app/db/admin/D_singlePage.php where manipulating the argument Title triggers cross-site scripting. The exploit is publicly available and can be initiated remotely. Exploit code maturity is reported a...

5.4CVSS4.3AI score0.00196EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/08 2:32 p.m.5 views

CVE-2026-3741

A security vulnerability has been detected in YiFang CMS 2.0.5. The affected element is the function update of the file app/db/admin/DfriendLink.php. Such manipulation of the argument linkName leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed...

5.1CVSS4.2AI score0.00196EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/23 1:31 p.m.6 views

CVE-2026-2934

A security vulnerability has been detected in YiFang CMS up to 2.0.5. This impacts the function update of the file app/db/admin/DfriendLinkGroup.php of the component Extended Management Module. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the...

4.8CVSS3AI score0.00257EPSS
Exploits1References1
NVD
NVD
added 2026/02/22 8:15 a.m.8 views

CVE-2026-2933

A weakness has been identified in YiFang CMS up to 2.0.5. This affects the function update of the file app/db/admin/DadManage.php of the component Extended Management Module. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be performed from remote. T...

4.8CVSS0.00198EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-25653

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00296EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-25652

Malicious code in bioql PyPI...

6.9CVSS5.6AI score0.00449EPSS
Exploits0References5
NVD
NVD
added 2025/09/29 3:15 a.m.6 views

CVE-2025-11136

A flaw has been found in YiFang CMS up to 2.0.2. The impacted element is the function webUploader of the file app/app/controller/File.php of the component Backend. Executing manipulation of the argument uploadpath can lead to unrestricted upload. The attack can be launched remotely. The exploit h...

7.2CVSS0.00366EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/09/29 12:0 a.m.5 views

Yifang CMS 代码问题漏洞

Yifang CMS is a PHP enterprise website development and construction management system of China Yifang Company. A code issue vulnerability exists in Yifang CMS 2.0.2 and earlier versions, which stems from the incorrect operation of the parameter uploadpath of the function webUploader of the...

7.2CVSS5.3AI score0.00366EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/08/25 12:2 a.m.12 views

CVE-2025-9399 YiFang CMS L_tool.php sql injection

A vulnerability was detected in YiFang CMS up to 2.0.5. Affected by this issue is some unknown functionality of the file app/logic/Ltool.php. The manipulation of the argument newurl results in sql injection. The attack may be launched remotely. The exploit is now public and may be used. The vendo...

6.5CVSS0.00303EPSS
Exploits0References5
CVE
CVE
added 2025/08/25 12:2 a.m.15 views

CVE-2025-9399

YiFang CMS

8.8CVSS6.7AI score0.00303EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2025/08/25 12:0 a.m.6 views

PT-2025-34578

Name of the Vulnerable Software and Affected Versions: YiFang CMS versions through 2.0.5 Description: A flaw exists in YiFang CMS up to version 2.0.5, specifically within the mergeMultipartUpload function located in the app/utils/base/plugin/P file.php file. Manipulation of the File argument lead...

8.8CVSS6.1AI score0.00296EPSS
Exploits0References8
CNNVD
CNNVD
added 2025/08/25 12:0 a.m.5 views

Yifang CMS 安全漏洞

Yifang CMS is a PHP enterprise website development and construction management system from China Yifang Company. A security vulnerability exists in Yifang CMS 2.0.5 and earlier versions, which originates from the improper handling of the File parameter in the mergeMultipartUpload function in the...

8.8CVSS6.4AI score0.00296EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/08/24 12:0 a.m.5 views

PT-2025-34576

Name of the Vulnerable Software and Affected Versions: YiFang CMS versions up to 2.0.5 Description: A security issue has been identified in YiFang CMS. The exportInstallTable function within the app/utils/base/database/Migrate.php file is susceptible to information disclosure. This issue can be...

7.5CVSS4.6AI score0.00449EPSS
Exploits0References10
OSV
OSV
added 2025/05/09 3:15 p.m.4 views

CVE-2025-45887

Yifang CMS v2.0.2 is vulnerable to Server-Side Request Forgery SSRF in /api/file/getRemoteContent...

9.1CVSS5.8AI score0.0036EPSS
Exploits1References1
Rows per page
Query Builder