4 matches found
CVE-2018-7732
An issue was discovered in YxtCMF 3.1. SQL Injection exists in ShitiController.class.php via the ids array parameter to exam/shiti/delshiti.html...
Cross site request forgery (csrf)
An issue was discovered in YxtCMF 3.1. RbacController.class.php has CSRF, as demonstrated by modifying an administrator account via index.php/admin/user/addpost.html...
CVE-2018-7733
An issue was discovered in YxtCMF 3.1. RbacController.class.php has CSRF, as demonstrated by modifying an administrator account via index.php/admin/user/addpost.html...
CVE-2018-7732
An issue was discovered in YxtCMF 3.1. SQL Injection exists in ShitiController.class.php via the ids array parameter to exam/shiti/delshiti.html...