10 matches found
EUVD-2018-10438
Malware in sbrugna...
EUVD-2018-10440
Malware in sbrugna...
Directory traversal
statics/ueditor/php/vendor/Local.class.php in YUNUCMS 1.1.5 allows arbitrary file deletion via the statics/ueditor/php/controller.php?action=remove key parameter, as demonstrated by using directory traversal to delete the install.lock file...
CVE-2018-19181
statics/ueditor/php/vendor/Local.class.php in YUNUCMS 1.1.5 allows arbitrary file deletion via the statics/ueditor/php/controller.php?action=remove key parameter, as demonstrated by using directory traversal to delete the install.lock file...
Code injection
statics/app/index/controller/Install.php in YUNUCMS 1.1.5 if install.lock is not present allows remote attackers to execute arbitrary PHP code by placing this code in the index.php?s=index/install/setup2 DBPREFIX field, which is written to database.php...
CVE-2018-19180
statics/app/index/controller/Install.php in YUNUCMS 1.1.5 if install.lock is not present allows remote attackers to execute arbitrary PHP code by placing this code in the index.php?s=index/install/setup2 DBPREFIX field, which is written to database.php...
CVE-2018-18726
An XSS issue was discovered in admin/sitelink/editsitelink?id=16 in YUNUCMS 1.1.5...
Cross site scripting
An XSS issue was discovered in admin/link/editlink?id=5 in YUNUCMS 1.1.5...
Cross site scripting
An XSS issue was discovered in index.php/admin/system/basic in YUNUCMS 1.1.5...
CVE-2018-18725
Summary: CVE-2018-18725 is a cross-site scripting vulnerability affecting YUNUCMS 1.1.5, specifically in the path admin/banner/editbanner?id=20. The connected documents confirm an XSS issue in that component. NVD references assign CVSS scores: CVSS v2 base 3.5 (LOW) and CVSS v3 base 4.8 (MEDIUM),...