11 matches found
CVE-2022-45550
AyaCMS 3.1.2 is vulnerable to Remote Code Execution RCE...
Arbitrary file deletion
AyaCMS 3.1.2 is vulnerable to file deletion via /aya/module/admin/fstdel.inc.php...
PT-2022-27739 · Ayacms · Ayacms
Name of the Vulnerable Software and Affected Versions: AyaCMS version 3.1.2 Description: The issue concerns an arbitrary file upload vulnerability. It can be exploited via the /aya/module/admin/fst down.inc.php endpoint. Recommendations: For AyaCMS version 3.1.2, consider restricting access to th...
CVE-2022-46102
AyaCMS 3.1.2 is vulnerable to Arbitrary file upload via /aya/module/admin/fstdown.inc.php...
CVE-2022-46102
AyaCMS 3.1.2 is vulnerable to Arbitrary file upload via /aya/module/admin/fstdown.inc.php...
PT-2022-27573 · Ayacms · Ayacms
Name of the Vulnerable Software and Affected Versions: AyaCMS version 3.1.2 Description: The issue concerns Remote Code Execution RCE, allowing for potentially malicious code to be executed remotely. Recommendations: For AyaCMS version 3.1.2, at the moment, there is no information about a newer...
Remote code execution
AyaCMS 3.1.2 is vulnerable to Remote Code Execution RCE via /aya/module/admin/usttabe.inc.php,...
CVE-2021-44238
AyaCMS 3.1.2 is vulnerable to Remote Code Execution RCE via /aya/module/admin/usttabe.inc.php,...
CVE-2020-23686
Cross site request forgery CSRF vulnerability in AyaCMS 3.1.2 allows attackers to change an administrators password or other unspecified impacts...
CVE-2020-23686
Cross site request forgery CSRF vulnerability in AyaCMS 3.1.2 allows attackers to change an administrators password or other unspecified impacts...
CVE-2020-23686
CVE-2020-23686 affects AyaCMS 3.1.2 and is a Cross-Site Request Forgery (CSRF) flaw stemming from the software’s lack of CSRF protection during administrator password changes, enabling an attacker to change the admin password (and potentially other impacts) as described in multiple security recor...