20 matches found
CVE-2022-23384
YzmCMS v6.3 is affected by Cross Site Request Forgery (CSRF) in /admin.add...
CVE-2019-16532
An HTTP Host header injection vulnerability exists in YzmCMS V5.3. A malicious user can poison a web cache or trigger redirections...
EUVD-2019-18941
Malware in sbrugna...
EUVD-2018-11524
Malware in sbrugna...
EUVD-2018-2299
Malware in sbrugna...
EUVD-2019-7206
Malware in sbrugna...
EUVD-2020-15156
Malware in sbrugna...
EUVD-2024-21715
Malicious code in bioql PyPI...
CVE-2024-24291
An issue in the component /member/index/login of yzmcms v7.0 allows attackers to direct users to malicious sites via a crafted URL...
CVE-2020-20341
YzmCMS v5.5 contains a server-side request forgery (SSRF) in the grabimage function...
CVE-2020-19949
A cross-site scripting (XSS) vulnerability in the /link/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML...
CVE-2019-9570
An issue was discovered in YzmCMS 5.2.0. It has XSS via the bottom text field to the admin/systemmanage/save.html URI, related to the sitecode parameter...
PT-2024-22541 · Yzmcms · Yzmcms
Name of the Vulnerable Software and Affected Versions: YzmCMS version 7.0. Description: The issue allows attackers to run arbitrary code via Ads Management, Carousel Management, and System Settings. This is a Cross Site Scripting (XSS) issue. Recommendations: For YzmCMS version 7.0, update to a...
Yzmcms Cross-Site Request Forgery Vulnerability (CNVD-2023-64113)
Yzmcms is an open source content management system (CMS). Version 5.6 of yzmcms has a cross-site request forgery vulnerability, which stems from the program not adequately verifying whether a request comes from a trusted user. An attacker can use this vulnerability to...
YzmCMS Cross-Site Request Forgery Vulnerability (CNVD-2021-40496)
YzmCMS is a lightweight open source content management system based on a PHP+MySQL architecture, developed by Yuan Zhimeng alone. YzmCMS version 5.8 has a cross-site request forgery vulnerability; an attacker can use this vulnerability through member/member/add.html to add...
YzmCMS Cross-Site Scripting Vulnerability (CNVD-2021-40495)
YzmCMS is a lightweight open source content management system based on a PHP+MySQL architecture, developed by Yuan Zhimeng alone. The /admin/systemmanage/userconfigedit.html page of YzmCMS version 5.8 has a cross-site scripting vulnerability; an attacker can use the vulnerability to inject...
YzmCMS Server-Side Request Forgery Vulnerability
YzmCMS is a lightweight open source content management system based on a PHP+MySQL architecture, developed by Yuan Zhimeng alone. The back-end collection management of YzmCMS version 5.8 has a server-side request forgery vulnerability; an attacker can use the vulnerability to read any file...
YzmCMS Cross-Site Scripting Vulnerability (CNVD-2021-39769)
Yzmcms is an open source CMS Content Management System. A cross-site scripting vulnerability exists in YzmCMS version 5.6. The vulnerability stems from the program using UEditor 1.4.3.3, so the vulnerability can be exploited through the SRC attribute of the IFRAME element in...
YzmCMS Cross-Site Scripting Vulnerability (CNVD-2021-34497)
YzmCMS is a lightweight open source content management system based on a PHP+MySQL architecture, developed by Yuan Zhimeng alone. A stored cross-site scripting vulnerability exists in the common/static/plugin/ueditor/1.4.3.3/php/controller.php action parameter in YzmCMS version 5.6. The vulnerabilit...
YzmCMS has an arbitrary file download vulnerability
YzmCMS is a lightweight open source content management system based on YZMPHP. YzmCMS has an arbitrary file download vulnerability that can only be exploited by attackers to obtain sensitive information...